An authentication request is generated in Hermod and a temporary URL is returned that is used on the web page to invoke Personal Desktop client.
The URI from the response is added as a link on the login page and can be invoked either on loading the page or when user clicks the link.
When the user has provided the smart card and entered the PIN then personal will sign the authentication request and send the response to Hermod which sends the response to the Application Server in a callback.
Callbacks are not guaranteed, as a best effort to optimize response times. If callback are not received in expected time frame it is the responsibility of the integrator to poll for the status.