
Version 2 (modified by pjkersha, 9 years ago)


TDS Secured with ESG Security Filters with SSL Client based Access

Secured TDS using ESG Security Filters with SSL client based authentication

Created using http://websequencediagrams.com:

participant "User via rich client"
participant "TDS: Authentication Redirect Filter"
participant "TDS: Authorization Filter"
participant "TDS"
participant "Authentication Service: SSL Filter"
participant "Authentication Service: OpenID RP Filter"
participant "Gateway OpenID Provider"
participant "Gateway Authorization Service"

"User via rich client" -> "TDS: Authentication Redirect Filter": TDS request intercepted by\nauthentication filter
"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the request to a secured resource?
"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the user authenticated?
"TDS: Authentication Redirect Filter" -> "User via rich client": The resource is secured but user\nis not authenticated: \nrequest client redirect\nto Authentication Service
"User via rich client" -> "Authentication Service: SSL Filter": Authentication request
"Authentication Service: SSL Filter" -> "Authentication Service: SSL Filter": Did the client provide a\ncertificate in the\nSSL handshake?  If so,\nuse it to authenticate them
"Authentication Service: SSL Filter" -> "Authentication Service: SSL Filter": a certificate was provided:\nauthenticate user and set cookie
"Authentication Service: SSL Filter" -> "User via rich client": request redirect back to\noriginal TDS request URL.
"User via rich client" -> "TDS: Authentication Redirect Filter": Request intercepted by Redirect\nFilter again
"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the request to a secured resource?
"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the user authenticated?
"TDS: Authentication Redirect Filter" -> "TDS: Authorization Filter": Pass to authorization filter because,\nyes the request is to a secured\nresource and the user is\nauthenticated.
"TDS: Authorization Filter" -> "Gateway Authorization Service": AuthzDecisionQuery(userId, resourceURI)
"Gateway Authorization Service" -> "TDS: Authorization Filter": AuthzDecisionStatement Grant/Deny
"TDS: Authorization Filter" -> "TDS": The decision was Grant:\npass on the request\nto the TDS.
"TDS" -> "User via rich client": Serve data requested
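
The decisions in the diagram above, modelled as plain functions. This is an added example, not the ESG filter code: the cookie format (user id plus HMAC), the shared key, the paths, the URL, the policy table and the 401/403/pass-through branches are all assumptions, since the diagram only shows the certificate-present, Grant path.

```python
import hashlib
import hmac

# All values below are constructed for illustration (assumptions, not from the page).
COOKIE_KEY = b"constructed-demo-key"   # assumed shared by the TDS filter and Authentication Service
SECURED_PREFIX = "/thredds/secured/"   # hypothetical secured path
AUTHN_SERVICE = "https://authn.example.org/verify"   # hypothetical URL
POLICY = {("CN=alice", "/thredds/secured/a.nc")}     # stands in for the Gateway Authorization Service

def _mac(user_id):
    return hmac.new(COOKIE_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def user_from_cookie(cookie):
    """Return the user id only if the cookie's MAC verifies, else None."""
    user_id, sep, mac = (cookie or "").rpartition("|")
    if not sep or not hmac.compare_digest(mac.encode(), _mac(user_id).encode()):
        return None
    return user_id

def ssl_filter(client_cert_subject, return_to):
    """Authentication Service: SSL Filter."""
    if client_cert_subject is None:
        return 401, None, None         # no certificate in the handshake (assumed outcome)
    cookie = client_cert_subject + "|" + _mac(client_cert_subject)
    return 302, return_to, cookie      # set cookie, redirect back to the original TDS URL

def authz_decision_query(user_id, resource_uri):
    """Gateway Authorization Service: answers 'Grant' or 'Deny'."""
    return "Grant" if (user_id, resource_uri) in POLICY else "Deny"

def tds_request(path, cookie=None):
    """TDS: Authentication Redirect Filter, then Authorization Filter, then TDS."""
    if not path.startswith(SECURED_PREFIX):
        return 200, "data"             # not a secured resource (assumed pass-through)
    user_id = user_from_cookie(cookie)
    if user_id is None:
        return 302, AUTHN_SERVICE      # secured but not authenticated: redirect
    if authz_decision_query(user_id, path) != "Grant":
        return 403, "denied"           # Deny (assumed outcome)
    return 200, "data"                 # Grant: request passed on to the TDS
```

A cookie whose MAC does not verify is treated the same as no cookie, so the client is sent back to the Authentication Service rather than on to the Authorization Filter.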

Attachments

  • tdsSSLBasedSignIn.png (61.7 KB) - added by pjkersha 9 years ago. Secured TDS using ESG Security Filters with SSL client based authentication