From adf7e6616c2a8d6f60207059288423f693509928 Mon Sep 17 00:00:00 2001 From: DUVAL Thomas Date: Thu, 16 Jun 2016 14:50:31 +0200 Subject: Add new version of aaa Change-Id: I94d72011e6019e66c98f46d11436a5cb33ff295d --- .../src/main/docs/federated_auth_sequence.wsd | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd (limited to 'odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd') diff --git a/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd new file mode 100644 index 00000000..22d1d916 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd @@ -0,0 +1,24 @@ +title Federated Authentication Sequence (w/ Claim Transformation) + +# This walks through the federated authentication sequence where a claim from a +# third-party IdP system is posted to the ODL token endpoint in exchange for an +# access token. The claim information is assumed to be in format specific to the +# third-party IdP system and assumed to be captured via either Apache environment +# variables (Servlet attributes) or HTTP headers. + +Client -> ServletContainer: request access token +note right of Client +(claim as Apache env/HTTP headers) +end note +ServletContainer -> ClaimAuthFilter: Servlet attributes/headers +loop foreach ClaimAuth + ClaimAuthFilter -> ClaimAuth: transform(Map claim) + ClaimAuth -> ClaimAuth: transformClaim +end +ClaimAuth -> ClaimAuthFilter: Claim +note left of ClaimAuth +(user/domain/roles) +end note +ClaimAuthFilter --> TokenEndpoint: Claim +TokenEndpoint -> TokenEndpoint: createToken +TokenEndpoint -> Client: access token \ No newline at end of file -- cgit 1.2.3-korg