
Web UI SSO Flow (SAML)

Participants: Browser, WebUI (e.g. NN UI), KnoxTS/SSO, SAML IdP

1. /view.GET() - User/browser makes a request to the UI without a valid token.
2. redirect302(SSO:/login,ui-origin-url) - AuthFilter in the UI detects no/invalid token and redirects to KnoxTS/SSO, preserving ui-origin-url.
3. /login.GET() - Browser follows the redirect. Knox finds no/invalid token and redirects to the IdP, preserving ui-origin-url and ts-origin-url.
4. redirect302(IdP:/login,ui-origin-url,ts-origin-url) - Knox forwards the request to the SAML IdP, preserving the origin URLs.
5. /login.GET() - Browser follows the redirect.
6. ok200(form) - SAML IdP presents a login form to the user.
7. /login.POST(username,password) - User provides credentials to the IdP via the login form.
8. redirect302(SSO:/login,saml-bearer-token,ts-origin-url) - IdP redirects back to Knox with the SAML Bearer Token in headers.
9. /login.GET(saml-bearer-token,ui-origin-url) - Knox converts the SAML Bearer Token to a normalized JWT Bearer Token.
10. redirect302(ui-origin-url):jwt-bearer-token-cookie - Knox redirects the client back to ui-origin-url with the JWT Bearer Token in a cookie.
11. /view.GET(jwt-bearer-token-cookie) - Browser follows the redirect to ui-origin-url with the JWT Bearer Token in a cookie. The JWT Bearer Token is validated by AuthFilter.
12. ok200(response) - Response returned to the client.
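Added example, not part of the original page or of the Knox code base: a sketch of the AuthFilter decision at steps 1-2 and 11, passing a request whose cookie carries a valid, unexpired JWT and otherwise redirecting to the SSO login with ui-origin-url preserved. The page does not say how the token is signed, so HS256 with a shared demo key is an assumption chosen to keep the block standard-library only; the SSO URL, cookie name and query parameter name are hypothetical.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

SSO_LOGIN = "https://sso.example.test/login"  # hypothetical KnoxTS/SSO login URL
COOKIE = "jwt-bearer-token"                   # hypothetical cookie name
KEY = b"constructed-demo-key"                 # assumption: HS256 shared key (demo only)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub, exp, key=KEY):
    """Stand-in for the SSO service minting the token in step 10."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": exp}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate(token, now, key=KEY):
    """Return the claims if signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token is treated the same as no token

def auth_filter(url, cookies, now=None):
    """Steps 1-2 and 11: 200 with a valid token, otherwise 302 to the SSO login."""
    now = time.time() if now is None else now
    claims = validate(cookies.get(COOKIE, ""), now)
    if claims:
        return 200, {"user": claims["sub"]}
    query = urlencode({"ui-origin-url": url})  # preserve where the user was going
    return 302, {"Location": f"{SSO_LOGIN}?{query}"}
```
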

 

 

Web UI SSO Flow (SAML)

Participants: Browser, WebUI (e.g. NN UI), KnoxTS/SSO, SAML IdP

1. page.GET()
2. redirect(IDP.login)
3. login.GET()
4. form
5. form.POST(username,password)
6. redirect(SSO.translate):saml-bearer-token
7. translate.GET(saml-bearer-token)
8. redirect(WebUI.page):jwt-bearer-token-cookie
9. page.GET(jwt-bearer-token-cookie)
10. response

 

 

Web UI SSO Flow (Basic Auth)

Participants: Browser, WebUI, SSO, LDAP

1. page.GET()
2. redirect(SSO.login)
3. login.GET()
4. challenge
5. login.GET(credentials)
6. authenticate(credentials)
7. redirect(WebUI.page):cookie
8. page.GET(cookie)
9. response

 

 

Web UI SSO Flow (Form)

Participants: Browser, WebUI, SSO, LDAP

1. page.GET()
2. redirect(SSO.login)
3. login.GET()
4. form
5. login.POST(credentials)
6. authenticate(credentials)
7. redirect(WebUI.page):cookie
8. page.GET(cookie)
9. response