The Cloud AP provider receives the encrypted PRT with session key. When the nonce is validated, Azure AD creates a primary refresh token (PRT) with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider. Azure AD validates the signature and then validates the returned signed nonce. Azure AD validates the signed nonce using the user's securely registered public key against the nonce signature. The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to Azure AD. Azure AD returns a nonce that's valid for 5 minutes.
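The nonce steps described above, as an added example in Node.js that models the check and is not Microsoft's code: a nonce is issued, signed by the client, and verified against the registered public key within the 5-minute window. The class and function names, the P-256/SHA-256 signature, and the single-use handling of the nonce are assumptions of this sketch; PRT issuance is left out.

```javascript
const crypto = require('node:crypto');

const NONCE_TTL_MS = 5 * 60 * 1000; // the page states the nonce is valid for 5 minutes

// Hypothetical stand-in for the identity provider side (not Azure AD's real code).
class IdentityProvider {
  constructor() {
    this.registeredKeys = new Map(); // user -> public key registered earlier
    this.outstanding = new Map();    // nonce (hex) -> issue time in ms
  }
  register(user, publicKey) { this.registeredKeys.set(user, publicKey); }
  issueNonce(now = Date.now()) {
    const nonce = crypto.randomBytes(32).toString('hex');
    this.outstanding.set(nonce, now);
    return nonce;
  }
  // Returns 'ok' or the reason the signed nonce was rejected.
  validate(user, nonce, signature, now = Date.now()) {
    const issuedAt = this.outstanding.get(nonce);
    if (issuedAt === undefined) return 'unknown-or-replayed-nonce';
    this.outstanding.delete(nonce); // assumption: single use, even if a later check fails
    if (now - issuedAt > NONCE_TTL_MS) return 'expired-nonce';
    const publicKey = this.registeredKeys.get(user);
    if (!publicKey) return 'unknown-user';
    const ok = crypto.verify('sha256', Buffer.from(nonce, 'hex'), publicKey, signature);
    return ok ? 'ok' : 'bad-signature';
  }
}

// Hypothetical stand-in for the Cloud AP provider: sign the nonce with the user's private key.
function signNonce(nonce, privateKey) {
  return crypto.sign('sha256', Buffer.from(nonce, 'hex'), privateKey);
}

// Constructed scenario: generated P-256 keys play the registered user key and an unrelated key.
function demo() {
  const user = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const idp = new IdentityProvider();
  idp.register('user@example.com', user.publicKey);
  const [n1, n2, n3] = [idp.issueNonce(0), idp.issueNonce(0), idp.issueNonce(0)];
  const sig1 = signNonce(n1, user.privateKey);
  return {
    fresh: idp.validate('user@example.com', n1, sig1, 1000),
    replay: idp.validate('user@example.com', n1, sig1, 2000),
    expired: idp.validate('user@example.com', n2, signNonce(n2, user.privateKey), NONCE_TTL_MS + 1),
    wrongKey: idp.validate('user@example.com', n3, signNonce(n3, other.privateKey), 1000),
  };
}
console.log(demo());
```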