path: root/upstream/odl-aaa-moon/aaa/aaa-authn-api/src/main/docs/sssd_auth_sequence.wsd
blob: f97ed1eee0787d7d4f490a6e8f0d6d27972c607f (plain)
title Federated Authentication with SSSD

# This walks through the federated authentication sequence in which a claim from a
# third-party IdP system is posted to the ODL token endpoint in exchange for an
# access token. The claim information is assumed to be in a format specific to the
# third-party IdP system and to be captured via either Apache environment
# variables (Servlet attributes) or HTTP headers.

Client -> Apache WebServer: authenticate
note right of Client
credentials
end note
Apache WebServer -> SSSD: authenticate
SSSD -> LDAP/AD : authenticate
SSSD -> Apache WebServer: claim
Apache WebServer -> ServletContainer: CGI variables
ServletContainer -> SSSD Plugin: Servlet attributes/headers
SSSD Plugin -> SSSD Plugin : transformClaim
SSSD Plugin -> TokenEndPoint : claim
TokenEndPoint -> TokenEndPoint : createToken
TokenEndPoint -> Client : refresh token, list of authorized domains
Client -> TokenEndPoint : refresh token, domain
TokenEndPoint -> Client : access token
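
# Added example, not part of the ODL source: a small Python model of the steps from transformClaim to the access token in the sequence above.
# Assumptions: the key names REMOTE_USER and REMOTE_USER_GROUPS, the ":" group separator, the GROUP_DOMAINS mapping and the trust_headers switch are all hypothetical.

```python
import secrets

# Constructed sample mapping from directory groups to authorized domains (assumption).
GROUP_DOMAINS = {"odl-admins": ["lab", "sdn"], "odl-users": ["lab"]}


def transform_claim(attributes, headers, trust_headers=False):
    """Normalize the IdP-specific claim into {"user", "groups"}.

    Servlet attributes are set by the web server itself. Headers can also be
    set by the client, so they are used only when the deployment states that
    the front end strips client-supplied copies (trust_headers=True).
    """
    if "REMOTE_USER" in attributes:
        source = attributes
    elif trust_headers:
        source = headers
    else:
        source = {}
    user = source.get("REMOTE_USER")
    if not user:
        raise PermissionError("no authenticated user in claim")
    groups = [g for g in source.get("REMOTE_USER_GROUPS", "").split(":") if g]
    return {"user": user, "groups": groups}


class TokenEndpoint:
    def __init__(self):
        self._refresh = {}  # refresh token -> (user, authorized domains)

    def create_token(self, claim):
        """Return (refresh token, list of authorized domains) for a claim."""
        domains = sorted({d for g in claim["groups"]
                          for d in GROUP_DOMAINS.get(g, [])})
        if not domains:
            raise PermissionError("claim maps to no authorized domain")
        token = secrets.token_urlsafe(32)
        self._refresh[token] = (claim["user"], domains)
        return token, domains

    def access_token(self, refresh_token, domain):
        """Exchange a refresh token plus one authorized domain for an access token."""
        user, domains = self._refresh.get(refresh_token, (None, []))
        if domain not in domains:
            raise PermissionError("unknown refresh token or unauthorized domain")
        return {"user": user, "domain": domain,
                "token": secrets.token_urlsafe(32)}
```
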