Page History

skinparam sequence {

  LifeLineBackgroundColor lightyellow

}

hide footbox

autonumber

participant "Browser" as ua

participant "Ambari\nServer UI" as ms #lime

participant "HDFS\nNN UI" as nn #lime

participant "Knox" as gw #lime

participant "SAML IdP\n(eg Shibboleth)" as idp

participant "LDAP or\nActiveDirectory" as as

activate ua

ua -> ms: ambari-view-url.GET()

activate ms

ua <-- ms: redirect302(knox-url,ambari-url)

deactivate ms

ua -> gw: knox-url.GET(ambari-url)

activate gw

|||

group SAML

ua <-- gw: ok200(idp-redirect-form[idp-url,knox-url,ambari-url])

note right: Redirect forms auto submitted\nvia embedded JavaScript

deactivate gw

ua -> idp: idp-url.POST(knox-url,ambari-url)

activate idp

ua <-- idp: ok200(idp-login-form[idp-url,knox-url,ambari-url])

deactivate idp

ua -> idp: idp-url.POST(username,password,knox-url,ambari-url)

activate idp

idp -> as: authenticate\n(usernme,password)

ua <-- idp: ok200(knox-redirect-form[knox-url,ambari-url,idp-token])

deactivate idp

ua -> gw: knox-url.POST(ambari-url,idp-token)

activate gw

|||

end group

ua <-- gw: ok200(ambari-redirect-form[ambari-url,knox-token],knox-cookie)

note right: Token exchange

deactivate gw

ua -> ms: ambari-url.GET(knox-token)

activate ms

ua <-- ms: redirect302(ambari-url,ambari-cookie)

deactivate ms

ua -> ms: ambari-url.GET(ambari-cookie)

activate ms

ua <-- ms: ok200(ambari-view)

deactivate ms

...

note over ua, as: Subsequent uses of other UIs do not require authentication/SAML due to knox-cookie in Browser

ua -> nn: nn-url.GET()

activate nn

ua <-- nn: redirect302(knox-url,nn-url)

deactivate nn

ua -> gw: knox-url.GET(nn-url,knox-cookie)

activate gw

ua <-- gw: ok200(nn-redirect-form[nn-url,knox-token])

deactivate gw

ua -> nn: nn-url.GET(knox-token)

activate nn

ua <-- nn: redirect302(nn-url,nn-cookie)

deactivate nn

ua -> nn: nn-url.GET(nn-cookie)

activate nn

ua <-- nn: ok200(nn-view)

deactivate nn

deactivate ua