and the identity components will be in StratosManager for OOTB usage....
On Thu, Nov 14, 2013 at 3:41 PM, Pradeep Fernando <[email protected]> wrote:
> Hi Devs,
>
> I had an offline discussion with Prabath. This is the security
> architecture we came up with for the Stratos Manager, both frontend and the
> backend.
>
> https://docs.google.com/drawings/d/1zXAr_A66syMUMkDO044l3HiroZgzv5g9mQQbfMJDotA/edit?usp=sharing
>
> Here I explain the steps; please refer to the diagram for numbering.
>
> 1. User comes to the Stratos Manager portal.
> 2. Gets redirected to the Identity Server.
> 3. User logs in at the Identity Server and the redirection happens with
> a SAML assertion with the logged-in user's claims.
>
> - This flow completes the SSO login for the Stratos Manager portal. After this
> flow the Stratos Manager portal knows the logged-in user's role/behavior and
> customizes the user experience as per the logged-in user.
>
> - Stratos Manager contacts the backend REST API for operations. The REST API
> is secured using OAuth and it expects a valid OAuth access token.
>
> 4/5. Stratos Manager gets an OAuth access token from the IS using the SAML
> grant type (gives a SAML token and gets an access token).
>
> 6. Access the backend REST API using the retrieved access token for the user.
> 7. REST API validates the incoming request by calling the validation
> endpoint of the OAuth server (Identity Server).
>
> WDYT?
>
> thanks,
> --Pradeep
>
> --
> Pradeep Fernando.
> http://pradeepfernando.blogspot.com/
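Steps 4 to 7 of the proposed flow, modelled end to end as an added example (this is not code from Pradeep's mail, from Stratos or from WSO2 Identity Server): the portal wraps the SAML assertion in a SAML2 bearer grant request (RFC 7522), the OAuth server checks the assertion's subject, expiry and audience and issues an opaque access token, and the REST API accepts a request only after the validation endpoint vouches for the token. The endpoint URL, function names, the in-memory token store and the sample assertion are all assumptions made for the demo. One caveat the mail does not spell out: the token endpoint must also verify the assertion's XML signature against the trusted IdP certificate before trusting any field in it; this demo skips that step and says so in a comment.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 grant_type value
TOKEN_ENDPOINT = "https://is.example.com/oauth2/token"            # assumed IS token endpoint URL

# Constructed sample assertion (unsigned, demo only). RFC 7522 requires an
# AudienceRestriction naming the authorization server; its token endpoint URL
# is an acceptable value, so that is what the mock checks for.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://is.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00+00:00">
    <saml:AudienceRestriction><saml:Audience>{TOKEN_ENDPOINT}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are ISO 8601; keep them timezone-aware so comparisons are safe."""
    return datetime.fromisoformat(value)


def build_token_request(assertion_xml: str) -> str:
    """Step 4, portal side: form body for the SAML2 bearer grant (assertion is base64url)."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=").decode()
    return urlencode({"grant_type": SAML2_BEARER, "assertion": encoded})


class IdentityServer:
    """Mock of the OAuth server side of the IS: a token endpoint and a validation endpoint."""

    def __init__(self, now=None):
        self._tokens = {}  # opaque access token -> {"user", "expires"}
        self._now = now or (lambda: datetime.now(timezone.utc))

    def token_endpoint(self, form_body: str) -> dict:
        """Step 5: check the assertion and return an access token, or an OAuth error."""
        params = {k: v[0] for k, v in parse_qs(form_body).items()}
        if params.get("grant_type") != SAML2_BEARER:
            return {"error": "unsupported_grant_type"}
        try:
            raw = params["assertion"]
            root = ET.fromstring(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
        except (KeyError, ValueError, ET.ParseError):
            return {"error": "invalid_request"}
        # A real token endpoint verifies the XML signature against the trusted IdP
        # certificate here; nothing below can be trusted without that step.
        subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
        conditions = root.find("saml:Conditions", SAML_NS)
        if subject is None or conditions is None or conditions.get("NotOnOrAfter") is None:
            return {"error": "invalid_grant", "error_description": "malformed assertion"}
        if self._now() >= parse_saml_time(conditions.get("NotOnOrAfter")):
            return {"error": "invalid_grant", "error_description": "assertion expired"}
        audiences = [a.text for a in root.iterfind(".//saml:Audience", SAML_NS)]
        if TOKEN_ENDPOINT not in audiences:
            return {"error": "invalid_grant", "error_description": "audience mismatch"}
        token = secrets.token_urlsafe(32)  # opaque: the REST API cannot read it, only validate it
        self._tokens[token] = {"user": subject, "expires": self._now() + timedelta(hours=1)}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def validate(self, token: str) -> dict:
        """Step 7: the validation endpoint the REST API calls for every request."""
        entry = self._tokens.get(token)
        if entry is None or self._now() >= entry["expires"]:
            return {"valid": False}
        return {"valid": True, "user": entry["user"]}


def rest_api_handler(headers: dict, identity_server: IdentityServer) -> tuple:
    """Steps 6/7, REST API side: admit only requests whose bearer token the IS vouches for."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, {"error": "invalid_request", "error_description": "bearer token required"}
    result = identity_server.validate(token)
    if not result["valid"]:
        return 401, {"error": "invalid_token"}
    return 200, {"user": result["user"]}


if __name__ == "__main__":
    idp = IdentityServer()
    grant = idp.token_endpoint(build_token_request(SAMPLE_ASSERTION))
    print("token response:", grant)
    print("API, valid token :", rest_api_handler({"Authorization": f"Bearer {grant['access_token']}"}, idp))
    print("API, forged token:", rest_api_handler({"Authorization": "Bearer not-a-real-token"}, idp))
```

The split of responsibilities is the point of the design: the portal never sees the user's password, the REST API never parses SAML, and a token it has not seen before is useless to it until the IS confirms it, so revocation and expiry are enforced in one place.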
