| Step | Description |
|---|---|
| 1 | A visitor enters the partner's website/portal and clicks on the login button to gain access. |
| 2 | The visitor is re-directed to the default CWL login page, where they are prompted for their CWL username and password. |
| 3 | The CWL Auth 2 engine (Auth2) verifies the visitor's username and password against the CWL database. |
| 4 | Auth2 sends a session ticket to the Partner Adaptor, the latter of which is created by the partner and used for communicating with CWL. The session ticket has two purposes:
|
| 5 | The Partner Adaptor returns the ticket to Auth 2 to prove that it is, in fact, the correct adaptor and that the session has not expired. This step is called Ticket Validation. |
| 6 | If the ticket is valid then a CWL session is established. |
| 7 | The Client Adaptor uses the resulting session to call an API. |
| 8 | Providing the session is still valid, Auth2 presents the appropriate data requested by the API call. |
| 9 | The Client Adaptor passes the data to the Partner Application, and providing the data is correct, it will authorize the user access to the partner site/portal. |
