title Federated Authentication Sequence (w/ Claim Transformation)
# This walks through the federated authentication sequence in which a claim from a
# third-party IdP system is posted to the ODL token endpoint in exchange for an
# access token. The claim information is assumed to be in a format specific to the
# third-party IdP system and to be captured either via Apache environment
# variables (Servlet attributes) or via HTTP headers.
Client -> ServletContainer: request access token
note right of Client
(claim as Apache env/HTTP headers)
end note
ServletContainer -> ClaimAuthFilter: Servlet attributes/headers
loop foreach ClaimAuth
ClaimAuthFilter -> ClaimAuth: transform(Map<String, Object> claim)
ClaimAuth -> ClaimAuth: transformClaim
end
ClaimAuth -> ClaimAuthFilter: Claim
note left of ClaimAuth
(user/domain/roles)
end note
ClaimAuthFilter --> TokenEndpoint: Claim
TokenEndpoint -> TokenEndpoint: createToken
TokenEndpoint -> Client: access token
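The sequence above as an added Python model (not OpenDaylight's own AAA code): two IdP-specific ClaimAuth transformers, the filter loop that tries each one in turn, and a token endpoint that binds an opaque token to the resulting Claim. The attribute and header names (IDP_USER, X-Idp-User and so on) and the in-memory token store are constructed assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Mapping, Optional, Sequence, Tuple

@dataclass(frozen=True)
class Claim:
    user: str
    domain: str
    roles: Tuple[str, ...] = ()

def _split(value: object, sep: str) -> Tuple[str, ...]:
    return tuple(r.strip() for r in str(value or "").split(sep) if r.strip())

class EnvVarClaimAuth:
    """Transformer for an IdP whose claim arrives as Apache environment variables
    (Servlet attributes). Attribute/header names in both transformers are constructed."""
    def transform(self, attrs: Mapping[str, object]) -> Optional[Claim]:
        if not attrs.get("IDP_USER"):
            return None  # not this IdP's format; let the next ClaimAuth try
        return Claim(str(attrs["IDP_USER"]), str(attrs.get("IDP_DOMAIN", "sdn")),
                     _split(attrs.get("IDP_GROUPS"), ";"))

class HeaderClaimAuth:  # transformer for an IdP whose claim arrives as HTTP headers
    def transform(self, attrs: Mapping[str, object]) -> Optional[Claim]:
        if not attrs.get("X-Idp-User"):
            return None
        return Claim(str(attrs["X-Idp-User"]), str(attrs.get("X-Idp-Domain", "sdn")),
                     _split(attrs.get("X-Idp-Roles"), ","))

def claim_auth_filter(claim_auths: Sequence[object], attrs: Mapping[str, object]) -> Optional[Claim]:
    """'loop foreach ClaimAuth': the first transformer that recognises the attributes
    yields the Claim; if none does, no Claim is forwarded to the token endpoint."""
    for claim_auth in claim_auths:
        claim = claim_auth.transform(attrs)
        if claim is not None:
            return claim
    return None

class TokenEndpoint:
    """createToken: bind an opaque random token to the Claim (in-memory store)."""
    def __init__(self) -> None:
        self._tokens: Dict[str, Claim] = {}

    def create_token(self, claim: Claim) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = claim
        return token

    def validate(self, token: str) -> Optional[Claim]:
        return self._tokens.get(token)
```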