You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 39 Next »

Web UI SSO Flow (SAML) Browser WebUI(eg NN UI) KnoxTS/SSO SAMLIdP 1/view.GET() User/browser makes request to UI without valid token 2redirect302(SSO:/login,ui-origin-url) AuthFilter in UI detectes no/invalid token redirects to KnoxTS/SSO preserving ui-origin-url 3/login.GET(ui-origin-uil) Browser follows redirect 4redirect302(IdP:/login,knox-origin-url) KnoxTS/SSO finds no/invalid token,redirects to SAML IdP preserving knox-origin-url with encoded ui-origin-uri 5/login.GET(knox-origin-url) Browser follows redirect 6ok200(form) SAML IdP presents login form to user 7/login.POST(username,password) User provides credentials to IdP via login form.SAML IdP validates credentials. 8redirect302(knox-origin-url,saml-bearer-token) IdP redirects back to knox-origin-url with SAML Bearer token in headers 9/login.GET(saml-bearer-token) Knox converts SAML Bearer Token to a normalized JWT Bearer Tokenand extracts ui-origin-url from knox-origin-url 10redirect302(ui-origin-url,jwt-bearer-token-cookie) Knox redirects client back to ui-origin-url with JWT Bearer token in cookie 11/view.GET(jwt-bearer-token-cookie) Browser follows redirect to ui-origin-url with JWT Bearer Token in cookie.JWT Bearer Token validated by AuthFilter in UI 12ok200(response) Request processes and response returned to client.

 

 

Web UI SSO Flow (SAML) Browser WebUI(eg NN UI) KnoxTS/SSO SAMLIdP 1page.GET() 2redirect(IDP.login) 3login.GET() 4form 5form.POST(username,password) 6redirect(SSO.translate):saml-bearer-token 7translate.GET(saml-bearer-token) 8redirect(WebUI.page):jwt-bearer-token-cookie 9page.GET(jwt-bearer-token-cookie) 10response

 

 

Web UI SSO Flow (Basic Auth) Browser WebUI SSO LDAP 1page.GET() 2redirect(SSO.login) 3login.GET() 4challenge 5login.GET(credentials) 6authenticate(credentials) 7redirect(WebUI.page):cookie 8page.GET(cookie) 9response

 

 

Web UI SSO Flow (Form) Browser WebUI SSO LDAP 1page.GET() 2redirect(SSO.login) 3login.GET() 4form 5login.POST(credentials) 6authenticate(credentials) 7redirect(WebUI.page):cookie 8page.GET(cookie) 9response
  • No labels