PlantUML | ||||
---|---|---|---|---|
| ||||
' Sequence: a client obtains a SAML bearer token from an IdP, then calls a Hadoop
' service through the Knox gateway, which validates the token and forwards the call.
hide footbox
autonumber
participant "Client\n(eg JEE App)" as cli
participant "SAML IdP\n(eg Shibboleth)" as idp
participant "Knox\nGW" as gw #lime
participant "Hadoop\n(eg NN)" as svc #lime
activate cli
' Token acquisition is illustrative only; the group label marks it as non-normative.
group Non-normative example of how a saml-bearer-token might be obtained
|||
' NOTE(review): the password (step 1) and the bearer token (steps 2-3) cross the wire;
' presumably every hop is TLS-protected - confirm.
cli -> idp: /authenticate.POST(username,password)
activate idp
cli <-- idp: ok200(saml-bearer-token)
deactivate idp
|||
end
...
' The client presents the bearer token to the gateway, not to the Hadoop service.
cli -> gw: /cluster/service.GET(saml-bearer-token)
activate gw
' The gateway validates the token itself and takes the username from the result.
' NOTE(review): validate() is not broken down here; presumably it covers signature,
' issuer, audience and validity period - confirm.
gw -> gw: validate(saml-bearer-token):username
' Only the username is sent on, not the token.
' NOTE(review): the service therefore has to accept an asserted username from the
' gateway alone; how the gateway authenticates to the service is not shown - confirm.
gw -> svc: /service.GET(username)
activate svc
gw <-- svc: ok200(results)
deactivate svc
cli <-- gw: ok200(results)
deactivate gw
deactivate cli |
PlantUML | ||||
---|---|---|---|---|
| ||||
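' Sequence: the client authenticates to an SSO service, presents the resulting bearer
' token to the Knox gateway, and the gateway looks up the user's groups in LDAP before
' calling the Hadoop service.
hide footbox
autonumber
participant "Client\n(eg JEE App)" as cli
participant "SSO\n(eg Shibboleth)" as sso
participant "Knox\nGW" as gw #lime
participant "LDAP" as idp
participant "Hadoop\n(eg NN)" as svc #lime
activate cli
cli -> sso: /authenticate.POST(username,password)
activate sso
cli <-- sso: saml-bearer-token[username]
deactivate sso
' Review fix: this request was labelled jwt-bearer-token although the only token issued
' above is the SAML one and no token exchange is drawn. It now names the token the
' client actually holds. NOTE(review): if a SAML-to-JWT exchange is intended, it needs
' its own step - confirm.
cli -> gw: /cluster/service.GET(saml-bearer-token)
activate gw
' Review fix: validation drawn explicitly. The username used for the LDAP lookup and
' for the service call has to come from a validated token, never from unverified
' token contents.
gw -> gw: validate(saml-bearer-token):username
gw -> idp: lookupGroups(username):groups
' The looked-up groups are not part of the service call below.
' NOTE(review): presumably they feed gateway-side authorization - confirm.
gw -> svc: /service.GET(username)
activate svc
gw <-- svc: ok200(results)
deactivate svc
cli <-- gw: ok200(results)
deactivate gw
deactivate cli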
|
PlantUML | ||||
---|---|---|---|---|
| ||||
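' Sequence: Knox TS/SSO authenticates the user against LDAP, looks up the groups and
' issues a JWT bearer token carrying username and groups; the client presents that
' token to the Knox gateway, which calls the Hadoop service.
hide footbox
autonumber
participant "Client\n(eg JEE App)" as cli
participant "Knox\nTS/SSO" as sso
participant "LDAP" as idp
participant "Knox\nGW" as gw
participant "Hadoop\n(eg NN)" as svc
activate cli
cli -> sso: /authenticate.POST(username,password)
activate sso
' Review fix: three labels had two wordings fused together ("credentialsusername,password",
' "JWT bearer tokenjwt-bearer-token[...]", "deactivate ssogw"); the wording that matches
' the rest of the diagram is kept.
sso -> idp: authenticate(username,password)
sso -> idp: lookupGroups():groups
cli <-- sso: jwt-bearer-token[username,groups]
deactivate sso
cli -> gw: /cluster/service.GET(jwt-bearer-token)
activate gw
' Review fix: validation drawn explicitly. The gateway must verify the JWT before it
' asserts the username to the service.
' NOTE(review): presumably signature, issuer, audience and expiry are checked - confirm.
gw -> gw: validate(jwt-bearer-token):username
gw -> svc: /service.GET(username)
gw <-- svc: results
cli <-- gw: results
deactivate gw
deactivate cli |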