To properly authenticate a client to a server, a conventional three-party protocol is used. The three parties are the client, the server (also called the relying party), and an identity provider, each of which is a computing system. The server is termed a “relying party” because it relies on the authentication of the client performed by the identity provider.
In this protocol, the client makes a service request to the relying party. Recognizing that the client is not yet authenticated, the relying party redirects the client to the identity provider. The identity provider authenticates the client, provides a security token to the client, and instructs the client to provide that security token back to the relying party. Those instructions are sometimes in the form of executable code that the client executes automatically, causing the client to provide the security token to the relying party. The relying party then uses the security token to determine that the identity provider has indeed authenticated the client.
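The exchange described above, simulated in-process as an added example that is not part of the original text. The HMAC key shared between identity provider and relying party, the token layout, the URLs, and all function names are assumptions made for illustration; the text does not say how the relying party checks the token.

```python
import base64, hashlib, hmac, json

# Assumption: IdP and relying party share this key out of band (constructed value).
# Deployed systems usually rely on an asymmetric signature instead.
IDP_KEY = b"constructed-demo-key"
RP_URL = "https://rp.example/app"            # hypothetical relying party
IDP_URL = "https://idp.example/login"        # hypothetical identity provider
USERS = {"alice": "correct horse"}           # constructed credential store

def _sign(body: bytes) -> bytes:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()

def idp_issue_token(user, password, audience, now):
    """Identity provider: authenticate the client, then mint a token for one relying party."""
    if user not in USERS or not hmac.compare_digest(USERS[user].encode(), password.encode()):
        return None
    claims = {"sub": user, "aud": audience, "exp": now + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body).decode()

def rp_verify_token(token, now):
    """Relying party: accept only a token signed by the IdP, addressed to this RP, unexpired."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
        return None                          # not produced by the identity provider
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != RP_URL or claims["exp"] < now:
        return None                          # issued for another party, or stale
    return claims["sub"]

def rp_handle_request(token, now):
    """Relying party: serve an authenticated client, otherwise redirect to the IdP."""
    user = rp_verify_token(token, now) if token else None
    if user is None:
        return {"status": 302, "location": IDP_URL + "?rp=" + RP_URL}
    return {"status": 200, "body": "hello " + user}

def client_flow(user, password, now):
    """Client: request, follow the redirect, authenticate, carry the token back.
    This function plays the part of the code the IdP hands the client to run."""
    first = rp_handle_request(None, now)     # unauthenticated request -> redirect
    if first["status"] != 302:
        return first
    token = idp_issue_token(user, password, RP_URL, now)
    return rp_handle_request(token, now)

if __name__ == "__main__":
    print(client_flow("alice", "correct horse", 1000))
```

The audience and expiry checks in `rp_verify_token` are what keep a token issued for one relying party, or captured earlier, from being accepted here.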