path: root/odl-aaa-moon/aaa-authn-api/src/main/docs/federated_auth_sequence.wsd
blob: 22d1d916db95c948b86e1609bdfc762490f8472a (plain)
title Federated Authentication Sequence (w/ Claim Transformation)

# This walks through the federated authentication sequence in which a claim from a
# third-party IdP system is posted to the ODL token endpoint in exchange for an
# access token. The claim information is assumed to be in a format specific to the
# third-party IdP system and to be captured via either Apache environment
# variables (Servlet attributes) or HTTP headers.

Client -> ServletContainer: request access token
note right of Client
(claim as Apache env/HTTP headers)
end note
ServletContainer -> ClaimAuthFilter: Servlet attributes/headers
loop foreach ClaimAuth
    ClaimAuthFilter -> ClaimAuth: transform(Map<String, Object> claim)
    ClaimAuth -> ClaimAuth: transformClaim
end
ClaimAuth -> ClaimAuthFilter: Claim
note left of ClaimAuth
(user/domain/roles)
end note
ClaimAuthFilter --> TokenEndpoint: Claim
TokenEndpoint -> TokenEndpoint: createToken
TokenEndpoint -> Client: access token
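The "loop foreach ClaimAuth" step and one ClaimAuth transformer from the diagram, written out as an added example in plain Java 11 with no Servlet dependency (this is not ODL's own code). The Claim class, the attribute names REMOTE_USER, IDP_DOMAIN and IDP_GROUPS, and the sample attribute values are assumptions constructed for the demo.

```java
import java.util.*;
// Value object for the transformed claim (user/domain/roles); constructed for this example.
final class Claim {
    final String user, domain;
    final Set<String> roles;
    Claim(String user, String domain, Set<String> roles) {
        this.user = user; this.domain = domain;
        this.roles = Collections.unmodifiableSet(new TreeSet<>(roles));
    }
    @Override public String toString() { return user + "@" + domain + " " + roles; }
}
// Per-IdP transformer the filter loops over; null means "not this IdP", so the next one is tried.
interface ClaimAuth {
    Claim transform(Map<String, Object> claim);
}
// Transformer for a hypothetical IdP whose Apache module exports REMOTE_USER, IDP_DOMAIN and a
// comma-separated IDP_GROUPS attribute. Those attribute names are assumptions, not ODL's.
final class ExampleIdpClaimAuth implements ClaimAuth {
    @Override public Claim transform(Map<String, Object> claim) {
        Object user = claim.get("REMOTE_USER");
        if (!(user instanceof String) || ((String) user).isEmpty()) {
            return null; // no authenticated principal from this IdP
        }
        Set<String> roles = new HashSet<>();
        Object groups = claim.get("IDP_GROUPS");
        if (groups instanceof String) {
            for (String g : ((String) groups).split(",")) {
                if (!g.isBlank()) roles.add(g.trim());
            }
        }
        return new Claim((String) user, String.valueOf(claim.getOrDefault("IDP_DOMAIN", "sdn")), roles);
    }
}
public class FederatedClaimDemo {
    // The "loop foreach ClaimAuth" step of the diagram: the first non-null Claim wins.
    static Claim runClaimAuthFilter(List<ClaimAuth> chain, Map<String, Object> raw) {
        for (ClaimAuth ca : chain) {
            Claim c = ca.transform(raw);
            if (c != null) return c;
        }
        return null; // no ClaimAuth recognised the request; the token endpoint is never reached
    }
    public static void main(String[] args) {
        // Constructed Servlet attributes as the Apache module would set them. In a real deployment
        // only attributes/headers that the front-end proxy itself sets should be fed to the filter.
        Map<String, Object> raw = Map.of("REMOTE_USER", "alice", "IDP_DOMAIN", "example", "IDP_GROUPS", "admin, user");
        System.out.println(runClaimAuthFilter(List.of(new ExampleIdpClaimAuth()), raw));
    }
}
```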