path: root/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd
author: DUVAL Thomas <thomas.duval@orange.com> 2016-06-16 13:08:32 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2016-06-16 13:08:32 +0000
commit: 9bdc327fd67e2189b6088f83f7d7470efc859acb
tree: 7ee82b65535696e1f004ab2a2de16ced0ac8b6d5 /odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd
parent: 2cadaf72d814b8f8c243855c65ba43d3b9a701cc
parent: adf7e6616c2a8d6f60207059288423f693509928
Merge "Add new version of aaa"
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd')
-rw-r--r-- odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd | 24
1 files changed, 24 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd
new file mode 100644
index 00000000..22d1d916
--- /dev/null
+++ b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd
@@ -0,0 +1,24 @@
+title Federated Authentication Sequence (w/ Claim Transformation)
+
+# This walks through the federated authentication sequence where a claim from a
+# third-party IdP system is posted to the ODL token endpoint in exchange for an
+# access token. The claim information is assumed to be in format specific to the
+# third-party IdP system and assumed to be captured via either Apache environment
+# variables (Servlet attributes) or HTTP headers.
+
+Client -> ServletContainer: request access token
+note right of Client
+(claim as Apache env/HTTP headers)
+end note
+ServletContainer -> ClaimAuthFilter: Servlet attributes/headers
+loop foreach ClaimAuth
+ ClaimAuthFilter -> ClaimAuth: transform(Map<String, Object> claim)
+ ClaimAuth -> ClaimAuth: transformClaim
+end
+ClaimAuth -> ClaimAuthFilter: Claim
+note left of ClaimAuth
+(user/domain/roles)
+end note
+ClaimAuthFilter --> TokenEndpoint: Claim
+TokenEndpoint -> TokenEndpoint: createToken
+TokenEndpoint -> Client: access token \ No newline at end of file
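Review bot: The header comment and the first message ("Client -> ServletContainer: request access token", with the note "claim as Apache env/HTTP headers") do not state who is trusted to set those attributes or headers. As drawn, the claim arrives directly from Client, so the diagram should show or name the component that authenticates against the third-party IdP and populates the values, and the comment should say that ClaimAuthFilter must not honour the same header names when they are supplied by the client itself. Separately, "ClaimAuth -> ClaimAuthFilter: Claim" sits after the loop's "end", so it is unclear which ClaimAuth's result is forwarded to TokenEndpoint, and there is no branch for the case where no ClaimAuth yields a Claim; an alt/else block with the rejection path would document that. Minor: "ClaimAuthFilter --> TokenEndpoint: Claim" is the only dashed arrow in the sequence, and the file has no trailing newline.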