Pulse can be configured to delegate authentication to an OpenID Connect Provider (OP).

Authenticating with OpenID Connect

Pulse uses the configured OpenID Connect Provider (OP) to authenticate the user and to obtain the user's permission to access their cluster via JMX. PlantUML 1.2023.12 <b>This version of PlantUML is 302 days old, so you should<b>consider upgrading from https://plantuml.com/download [From string (line 8) ] @startumltitle Pulse Authenticates with OpenID Connect Provider (OP)title Pulse Authenticates with OpenID Connect Provider (OP)participant User as userparticipant Browser as browserparticipant "Pulse (Spring)" as springparticipant OP as opuser -> browser +: /<protected-uri>Syntax Error?

Authorizing With Access Tokens

During authentication, Pulse requests an access token along with the ID token. Internally, Pulse uses the access token to connect to the Geode cluster's JMX manager. PlantUML 1.2023.12 <b>This version of PlantUML is 302 days old, so you should<b>consider upgrading from https://plantuml.com/download [From string (line 11) ] @startumltitle Pulse Connects to Geode JMX with the User's Access Tokentitle Pulse Connects to Geode JMX with the User's Access Tokenparticipant "Pulse Page\nJavascript" as pageparticipant "Pulse\nController" as pulseparticipant Repository as repositoryparticipant Spring as springparticipant Cluster as clusterparticipant "Geode JMX" as jmxparticipant "Custom\nSecurity\nManager" as smpage -> pulse +: /<some-data-url>Syntax Error?

Refreshing Expired Access Tokens

If the OP issues a refresh token, Pulse attempts to refresh the user's access token when it expires. PlantUML 1.2023.12 <b>This version of PlantUML is 302 days old, so you should<b>consider upgrading from https://plantuml.com/download [From string (line 12) ] @startumltitle Pulse Refreshes an Expired Access Token and Reconnects to Geode JMXtitle Pulse Refreshes an Expired Access Token and Reconnects to Geode JMXparticipant "Pulse Page\nJavascript" as pageparticipant "Pulse\nController" as pulseparticipant Repository as repositoryparticipant Spring as springparticipant Cluster as clusterparticipant OP as opparticipant "Geode JMX" as jmxparticipant "Custom\nSecurity\nManager" as smpage -> pulse +: /<some-data-url>Syntax Error?

Automatic Disconnect and Logout When Unable to Refresh

If there is no refresh token, or if the refresh token has expired, or if the OP declines to refresh the expired access token, Pulse disconnects from the JMX manager and logs the user out of the Pulse browser session.

This diagram shows only the "expired refresh token" scenario, but the flow is very similar if the refresh token is missing or the OP declines the refresh request. PlantUML 1.2023.12 <b>This version of PlantUML is 302 days old, so you should<b>consider upgrading from https://plantuml.com/download [From string (line 11) ] @startumltitle Pulse Disconnects from Geode JMX When the User's Refresh Token Expirestitle Pulse Disconnects from Geode JMX When the User's Refresh Token Expiresparticipant Browser as browserparticipant "Pulse Page\nJavascript" as pageparticipant "Pulse\nController" as pulseparticipant Repository as repositoryparticipant Spring as springparticipant Cluster as clusterparticipant "Geode JMX" as jmxbrowser -> page +: /clusterDetailSyntax Error?

  • No labels