hide footbox autonumber participant "Client\n(eg JEE App)" as cli participant "SAML IdP\n(eg Shibboleth)" as idp participant "Knox\nGW" as gw #lime participant "Hadoop\n(eg NN)" as svc #lime activate cli cli -> idp: /authenticate.POST(username,password) note right #red Non-normative example of how a saml-bearer-token might be obtained end note activate idp cli <-- idp: ok200(saml-bearer-token) deactivate idp cli -> gw: /cluster/service.GET(saml-bearer-token) activate gw gw -> gw: validate(saml-bearer-token):username gw -> svc: /service.GET(username) activate svc gw <-- svc: ok200(results) deactivate svc cli <-- gw: ok200(results) deactivate gw deactivate cli |
hide footbox autonumber participant "Client\n(eg JEE App)" as cli participant "SSO\n(eg Shibboleth)" as sso participant "Knox\nGW" as gw #lime participant "LDAP" as idp participant "Hadoop\n(eg NN)" as svc #lime activate cli cli -> sso: /authenticate.POST(username,password) activate sso cli <-- sso: saml-bearer-token[username] deactivate sso cli -> gw: /cluster/service.GET(jwt-bearer-token) activate gw gw -> idp: lookupGroups(username):groups gw -> svc: /service.GET(username) activate svc gw <-- svc: ok200(results) deactivate svc cli <-- gw: ok200(results) deactivate gw deactivate cli |
hide footbox autonumber participant "Client\n(eg JEE App)" as cli participant "Knox\nTS/SSO" as sso participant "LDAP" as idp participant "Knox\nGW" as gw participant "Hadoop\n(eg NN)" as svc activate cli cli -> sso: /authenticate.POST(username,password) activate sso sso -> idp: authenticate(username,password) sso -> idp: lookupGroups():groups cli <-- sso: jwt-bearer-token[username,groups] deactivate sso cli -> gw: /cluster/service.GET(jwt-bearer-token) activate gw gw -> svc: /service.GET(username) gw <-- svc: results cli <-- gw: results deactivate gw deactivate cli |