3.12.5.1 Issue Preauthentication

  • Article

The server MUST implement the behaviors in this section if and only if the following is met for a particular incoming request:

  1. The request contains the header X-MS-Proxy, as defined in section 2.2.1.1.

  2. The [Server State].ProxyRelyingPartyTrust, as defined in section 3.1.1.1, that has the same URI {web-application-for-client-id} (using a case-insensitive comparison) as an object in the [Server State].RelyingPartyTrust array, as defined in section 2.2.2.5, has the enabled property set to true.

  3. The [Relying Party Trust] being preauthenticated exists and has the value of publishedThroughProxy set to true. Note that pre-authentication is different for each protocol; refer to subsequent sections for details.