Using the authorization token to create a browser session - workflow
This section explains the process of using an authorization token to launch a DocViewer browser session. The Authorization and connecting to the DocViewer endpoint section has detailed information on connecting to DocViewer using a security token and session ID.
DocViewer has been enhanced to optionally require a Simple Web Token (SWT) for every internal DocViewer call (autoselection, getting a document view, changing data, etc.). The flow of data looks like this:
- DocViewer obtains a Simple Web Token (SWT) from DGS and adds that to the BeginSessionResponse with the DocViewer URL (https://ct-expere.wolterskluwerfs.com/DocServices/Services/SecuritySession/SecuritySessionSvc.svc) and SessionID; this collection of data is sent back to the original calling party (BeginSessionResult). Note: See Sample Response.
- The external application renders a page that immediately redirects to the returned DocViewer URL and posts the token.
- DocViewer validates the SWT that was passed in the SOAP message; if the token is valid, users can enter data through DocViewer.
- Windows Identity Foundation uses the SWT and issues an authentication cookie.
Note: The cookie must be present in all DocViewer calls.
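The redirect-and-post page from the second step, as an added example (not DocViewer's or the vendor's own code): a Node.js function that builds the auto-submitting page so the token travels in a POST body rather than in a URL. The form field names `token` and `sessionId`, the shape of the `session` object and the host allowlist are assumptions; this page does not specify them.

```javascript
// Added example. Field names "token"/"sessionId" and the session object shape are assumptions.
// The allowlisted host is taken from the DocViewer URL shown on this page.
const ALLOWED_HOSTS = new Set(["ct-expere.wolterskluwerfs.com"]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/'/g, "&#39;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Refuse to post the token anywhere except an HTTPS URL on an expected host.
function checkDocViewerUrl(raw) {
  const url = new URL(raw); // throws on malformed input
  if (url.protocol !== "https:") throw new Error("DocViewer URL must be https");
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error("unexpected host: " + url.hostname);
  if (url.username || url.password) throw new Error("credentials in URL not allowed");
  return url.href;
}

// Build the hand-off page: a hidden form that posts the token as soon as it loads.
function buildHandoffPage(session) {
  const action = checkDocViewerUrl(session.docViewerUrl);
  const body = [
    "<!DOCTYPE html>",
    '<html><head><meta charset="utf-8"><title>Opening DocViewer</title></head>',
    '<body onload="document.forms[0].submit()">',
    `<form method="post" action="${escapeAttr(action)}">`,
    `<input type="hidden" name="token" value="${escapeAttr(session.token)}">`,
    `<input type="hidden" name="sessionId" value="${escapeAttr(session.sessionId)}">`,
    '<noscript><button type="submit">Continue to DocViewer</button></noscript>',
    "</form></body></html>",
  ].join("\n");
  // Keep the token-bearing page out of caches and out of Referer headers.
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "no-store",
    "Referrer-Policy": "no-referrer",
  };
  return { headers, body };
}

// Constructed sample values standing in for a BeginSessionResult; not a real token or session.
const SAMPLE_SESSION = {
  docViewerUrl: "https://ct-expere.wolterskluwerfs.com/DocServices/Services/SecuritySession/SecuritySessionSvc.svc",
  sessionId: "00000000-0000-0000-0000-000000000000",
  token: "Issuer=example-issuer&ExpiresOn=1700000000&HMACSHA256=CONSTRUCTED",
};
```

The `&` separators inside the token are HTML-escaped in the attribute and decoded again by the browser, so the posted value is byte-for-byte the token that was issued.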