```plantuml
hide footbox
autonumber
participant "Client\n(eg JEE App)" as cli
participant "SAML IdP\n(eg Shibboleth)" as idp
participant "Knox\nGW" as gw #lime
participant "Hadoop\n(eg NN)" as svc #lime
activate cli
group Non-normative example of how a saml-bearer-token might be obtained
|||
cli -> idp: /authenticate.POST(username,password)
activate idp
cli <-- idp: ok200(saml-bearer-token)
deactivate idp
|||
end
...
cli -> gw: /cluster/service.GET(saml-bearer-token-cookie)
activate gw
gw -> gw: validate(saml-bearer-token):username
gw -> svc: /service.GET(username)
activate svc
gw <-- svc: ok200(results)
deactivate svc
cli <-- gw: ok200(results)
deactivate gw
deactivate cli
```

```plantuml
hide footbox
autonumber
participant "Client\n(eg JEE App)" as cli
participant "SSO\n(eg Shibboleth)" as sso
participant "Knox\nGW" as gw #lime
participant "LDAP" as idp
participant "Hadoop\n(eg NN)" as svc #lime
activate cli
cli -> sso: /authenticate.POST(username,password)
activate sso
cli <-- sso: saml-bearer-token[username]
deactivate sso
cli -> gw: /cluster/service.GET(jwt-bearer-token)
activate gw
gw -> idp: lookupGroups(username):groups
gw -> svc: /service.GET(username)
activate svc
gw <-- svc: ok200(results)
deactivate svc
cli <-- gw: ok200(results)
deactivate gw
deactivate cli
```
...