Authenticated UserProtected Web Server(REST App)Access Management ServerCTS1.Access attempt2.Evaluate policiesPolicy has transaction conditionTransaction3.Create and store transaction tokenTransaction state:CREATED4.Return transaction ID in advicesRegular Session Upgrade Steps5.Initiate authentication, include transaction ID6.Modify transaction token stateTransaction state:IN_PROGRESS7.Return callbacks for authentication8.Render callbacks9.Perform requested authentication10.Return completed callbacks11.Modify transaction token stateTransaction state:COMPLETED12.Return existing token ID13.Reevaluate policies, include transaction ID14.Verify transaction token state15.Transaction state isCOMPLETEDand transaction was authorizedTransaction state:DELETED16.Allow single access17.Access resource once