-
Notifications
You must be signed in to change notification settings - Fork 5
k.LAB authentication processes
Enrico Girotto edited this page Sep 9, 2022
·
2 revisions
sequenceDiagram
participant Node
note left of Node: Multiple instances
Node->>+Hub: Node certificate
Hub->>Hub: Check from Mongo
Hub->>Hub: Update Node status
Hub-->>-Node: NodeAuthenticationResponse
note left of Node: Get groups and JWT public token and store it
participant Hub
actor Engine
Engine->>+Hub: Send certificate
Hub-->>Hub: Authenticate LDAP
Hub-->>-Engine: Nodes list
note right of Engine: Get the token for nodes
Engine->>+Node: Capabilities with AUTHENTICATION header
Node->>Node: Check AUTHENTICATION header
note left of Node: Checked using JWT token
Node-->-Engine: Capabilities
actor User
opt New user
User->>+Hub: Signup
Hub->>Hub: Create pending user in MongoDB
Hub-->>-User: Verification mail
User->>+Hub: Verification
Hub-->>-User: Ask for password creation
User->>+Hub: New password
Hub->>-Hub: Create user in LDAP
end
User->>+Hub: Login
Hub->>Hub: Authenticate LDAP
Hub-->>-User: Manage profile
actor RemoteEngine
RemoteEngine->>+Hub: Send certificate
note right of RemoteEngine: Certificate gave from CONSUL
Hub-->>Hub: Authenticate LDAP
Hub-->>-RemoteEngine: Nodes list
note right of RemoteEngine: Get the token for nodes
RemoteEngine->>+Node: Capabilities with AUTHENTICATION header
Node->>Node: Check AUTHENTICATION header
note left of Node: Checked using JWT token
Node-->-RemoteEngine: Capabilities
User->>+RemoteEngine: Login
RemoteEngine-->-User: Token and session
User-)RemoteEngine: Use
User-xRemoteEngine: Logout