QUESTION: How do actions that utilize Nintex Live authenticate against the Live service in Azure?
ANSWER: The authentication between Nintex Live and Active Directory works as follows for federated AD accounts:
- Nintex Live attempts to retrieve domain registration information for the user account in the workflow action: "firstname.lastname@example.org". A request with the login name is sent to Microsoft Online HRD (Home Realm Discovery) service, so it can find out the URL of the federation service (corporate ADFS) responsible for authentication.
- Attempting to authenticate to the security token service at (applicable if user account is federated, otherwise it skips to step 3).
- If the user account was authenticated and the security token was retrieved successfully.
- Send a SAML Request message (contains the logon token from ADFS) to the Microsoft Online Security Token Service (STS), located at the following address: https://login.microsoftonline.com/extSTS.srf
- Receive SAML Response. Parse the Token Response and Get Security Token & Expiry Date.
- Send the Security Token to SharePoint Online: https://yourdomain.sharepoint.com/_f...?wa=wsignin1.0
- Receive the authentication cookies. After SPO has validated the Security Token, it will return the authentication cookies.
- Send requests including authentication cookies (CSOM)
  a. SharePoint client context - call execute query
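
The "Parse the Token Response and Get Security Token & Expiry Date" step, as an added example (not Nintex or Microsoft code): it extracts the token and expiry from the STS reply and refuses to continue on a SOAP fault, an embedded DTD, or a token that is expired or about to expire. The WS-Trust 2005/02 response layout is an assumption, the sample response is constructed, and `parse_rstr`, `TokenError` and `SAMPLE_RSTR` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespaces of a WS-Trust 2005/02 response (assumed layout of the STS reply).
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "S": "http://www.w3.org/2003/05/soap-envelope",
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsu": WSS + "utility-1.0.xsd",
    "wsse": WSS + "secext-1.0.xsd",
}

# Constructed sample; the token value is a placeholder, not a real token.
SAMPLE_RSTR = f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:wst="{NS['wst']}"
    xmlns:wsu="{NS['wsu']}" xmlns:wsse="{NS['wsse']}"><S:Body>
<wst:RequestSecurityTokenResponse>
  <wst:Lifetime><wsu:Expires>2030-01-02T10:00:00Z</wsu:Expires></wst:Lifetime>
  <wst:RequestedSecurityToken>
    <wsse:BinarySecurityToken Id="Compact0">t=PLACEHOLDER</wsse:BinarySecurityToken>
  </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse></S:Body></S:Envelope>"""

class TokenError(Exception):
    """Raised when the STS response must not be used to sign in."""

def parse_rstr(xml_text, now=None, skew=timedelta(minutes=5)):
    """Return (token, expires) from the STS response, or raise TokenError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise TokenError("DTD or entity declaration in STS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise TokenError(f"malformed XML: {exc}") from exc
    fault = root.find(".//S:Fault", NS)
    if fault is not None:
        reason = fault.findtext(".//S:Text", "unknown", NS)
        raise TokenError(f"STS returned a SOAP fault: {reason}")
    token = root.findtext(".//wst:RequestedSecurityToken/wsse:BinarySecurityToken", None, NS)
    expires_raw = root.findtext(".//wst:Lifetime/wsu:Expires", None, NS)
    if not token or not expires_raw:
        raise TokenError("no security token or expiry in response")
    try:
        expires = datetime.fromisoformat(expires_raw.strip().replace("Z", "+00:00"))
    except ValueError as exc:
        raise TokenError(f"unparseable expiry: {expires_raw!r}") from exc
    if expires.tzinfo is None:  # treat a bare timestamp as UTC
        expires = expires.replace(tzinfo=timezone.utc)
    if expires - skew <= (now or datetime.now(timezone.utc)):
        raise TokenError("security token is expired or about to expire")
    return token.strip(), expires
```

The returned token is a bearer credential for the SharePoint Online sign-in step, so keep it out of logs and error messages.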