You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

Web UI SSO Flow (SAML) Browser WebUI(eg NN UI) KnoxTS/SSO SAMLIdP 1/view.GET() AuthFilter in UI detectes no/invalid token redirects to KnoxTS/SSO preserving ui-origin-url 2redirect302(SSO:/login,ui-origin-url) Browser follows redirect. Knox find no/invalid token,redirects to IdP preserving ui-origin-url and ts-origin-url 3/login.GET() 4redirect302(IdP:/login,ui-origin-url,ts-origin-url) Knox forwards request to SAML IdP preserving origin URLs "Browser follows redirect" 5/login.GET() "SAML IdP presents login form to user" 6ok200(form) User provides credentials to IdP via login form 7/login.POST(username,password) IdP redirects back to Knox with SAML Bearer token in headers 8redirect302(SSO:/login,saml-bearer-token,ts-origin-url) Knox converts SAML Bearer Token to a normalized JWT Bearer Token 9/login.GET(saml-bearer-token,ui-origin-url) Knox redirects client back to ui-origin-url with JWT Bearer token in cookie 10redirect302(ui-origin-url):jwt-bearer-token-cookie Browser follows redirect to ui-origin-url with JWT Bearer Token in cookie.JWT Bearer Token validated by AuthFilter 11/view.GET(jwt-bearer-token-cookie) Response returned to client. 12ok200(response)

 

 

Web UI SSO Flow (SAML) Browser WebUI(eg NN UI) KnoxTS/SSO SAMLIdP 1page.GET() 2redirect(IDP.login) 3login.GET() 4form 5form.POST(username,password) 6redirect(SSO.translate):saml-bearer-token 7translate.GET(saml-bearer-token) 8redirect(WebUI.page):jwt-bearer-token-cookie 9page.GET(jwt-bearer-token-cookie) 10response

 

 

Web UI SSO Flow (Basic Auth) Browser WebUI SSO LDAP 1page.GET() 2redirect(SSO.login) 3login.GET() 4challenge 5login.GET(credentials) 6authenticate(credentials) 7redirect(WebUI.page):cookie 8page.GET(cookie) 9response

 

 

Web UI SSO Flow (Form) Browser WebUI SSO LDAP 1page.GET() 2redirect(SSO.login) 3login.GET() 4form 5login.POST(credentials) 6authenticate(credentials) 7redirect(WebUI.page):cookie 8page.GET(cookie) 9response
  • No labels