Versions Compared

Old Version 8

changes.mady.by.user Kevin Minder

Saved on

compared with

New Version 9

changes.mady.by.user Kevin Minder

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
PlantUML
border1
titleREST SSO Flow (SAML)
hide footbox
autonumber

participant "Client\n(eg JEE App)" as cli
participant "SSO" as sso
participant "LDAPKnox\nGW" as idpgw
participant "Knox\nGWLDAP" as gwidp
participant "Hadoop\n(eg NN)" as svc
 
activate cli

cli -> sso: /authenticate.POST(username,password)
  activate sso 
  cli <-- sso: saml-bearer-token[username,groups]
  deactivate sso
 
cli -> gw: /cluster/service.GET(jwt-bearer-token)
  activate gw
  gw -> idp: lookupGroups(username):groups
  gw -> svc: /service.GET(username)
  gw <-- svc: results
  cli <-- gw: results
  deactivate gw
deactivate cli

 

 

PlantUML
border1
titleREST SSO Flow (LDAP)
hide footbox
autonumber

participant "Client\n(eg JEE App)" as cli
participant "Knox\nTS/SSO" as sso
participant "LDAP" as idp
participant "Knox\nGW" as gw
participant "Hadoop\n(eg NN)" as svc
 
activate cli

cli -> sso: /authenticate.POST(username,password)
  activate sso 
  sso -> idp: authenticate(username,password)
  sso -> idp: lookupGroups():groups
  cli <-- sso: jwt-bearer-token[username,groups]
  deactivate sso
 
cli -> gw: /cluster/service.GET(jwt-bearer-token)
  activate gw
  gw -> svc: /service.GET(username)
  gw <-- svc: results
  cli <-- gw: results
  deactivate gw
deactivate cli