I am trying to understand how smartcard auth happens over Azure. I understand that we require on-prem ADFS; however, I am trying to figure out two things:
1) What exact exchange takes place between Azure and the client? Something like below:
GET https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=id_token+code
&redirect_uri=http%3A%2F%2Flocalhost%3a12345
&response_mode=form_post
&scope=openid
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345
&nonce=678910
2) How is the smartcard authenticated? Is it a challenge-response, or is the certificate verified? In the case of challenge-response, does the client generate signed data that is verified by ADFS?