From 6bdd440937e242f2281101cc30802dc11df1ea12 Mon Sep 17 00:00:00 2001 From: Gregor Wolf Date: Sun, 10 Mar 2024 09:30:34 +0100 Subject: [PATCH] split documentation for SAML Bearer and Token Exchange --- test/entra-id-oauth-token-exchange.md | 39 +++++++++++++++++++++++++++ test/entra-id-saml-bearer.md | 30 --------------------- 2 files changed, 39 insertions(+), 30 deletions(-) create mode 100644 test/entra-id-oauth-token-exchange.md diff --git a/test/entra-id-oauth-token-exchange.md b/test/entra-id-oauth-token-exchange.md new file mode 100644 index 0000000..7b90125 --- /dev/null +++ b/test/entra-id-oauth-token-exchange.md 
@@ -0,0 +1,39 @@ +## OAuth Token Exchange Flow + +Configuration based on the SAP Community blog posts: + +- [Exchange JWT token from Azure with token issued by SAP Cloud Identity Authentication Service](https://community.sap.com/t5/technology-blogs-by-sap/exchange-jwt-token-from-azure-with-token-issued-by-sap-cloud-identity/ba-p/13553444) +- [Connecting SAP IAS as a proxy to Azure AD using OpenID Connect](https://community.sap.com/t5/technology-blogs-by-members/connecting-sap-ias-as-a-proxy-to-azure-ad-using-openid-connect/ba-p/13534385) + +```mermaid +sequenceDiagram +%% participants +participant User as User +participant WebApp as Web Application +participant IdP as Identity Provider +participant SAPIAS as SAP Identity Authentication Service +participant XSUAA as SAP BTP Authentication +participant BTPApp as SAP BTP Application +%% arrows +loop Setup +WebApp-->IdP: Trust Configuration +IdP-->SAPIAS: Trust Configuration +SAPIAS-->XSUAA: Trust Configuration +end +User->>WebApp: Open App +WebApp->>IdP: Requests User Authentication +IdP->>User: Ask User for credentials and other factors +User->>IdP: Provides credentials and other factors +IdP->>WebApp: Provides JWT +WebApp->>User: Session Cookie +User->>WebApp: Request to SAP +WebApp->>SAPIAS: Requests SAP IAS JWT with JWT +SAPIAS->>SAPIAS: Validates JWT +SAPIAS->>WebApp: Provides SAP IAS JTW +WebApp->>XSUAA: Requests BTP JWT with SAP IAS JTW +XSUAA->>XSUAA: Validates SAP IAS JTW +XSUAA->>WebApp: Provides BTP JTW +WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header +BTPApp->>WebApp: Response with Application data +WebApp->>User: Forward Application Data +``` diff --git a/test/entra-id-saml-bearer.md b/test/entra-id-saml-bearer.md index 951bf75..029b686 100644 --- a/test/entra-id-saml-bearer.md +++ b/test/entra-id-saml-bearer.md 
@@ -32,36 +32,6 @@ BTPApp->>WebApp: Response with Application data WebApp->>User: Forward Application Data ``` -## OAuth Token Exchange Flow - -```mermaid -sequenceDiagram -%% participants -participant User as User -participant WebApp as Web Application -participant IdP as Identity Provider -participant SAPIAS as SAP Identity Authentication Service -participant BTPApp as SAP BTP Application -%% arrows -loop Setup -WebApp-->IdP: Trust Configuration -IdP-->SAPIAS: Trust Configuration -end -User->>WebApp: Open App -WebApp->>IdP: Requests User Authentication -IdP->>User: Ask User for credentials and other factors -User->>IdP: Provides credentials and other factors -IdP->>WebApp: Provides JWT -WebApp->>User: Session Cookie -User->>WebApp: Request to SAP -WebApp->>SAPIAS: Requests BTP JWT with JWT -SAPIAS->>SAPIAS: Validates JWT Assertion -SAPIAS->>WebApp: Provides BTP JTW -WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header -BTPApp->>WebApp: Response with Application data -WebApp->>User: Forward Application Data -``` - ## Embed SAP BTP App in Web Application ```mermaid
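Review bot: Typo in the new diagram in test/entra-id-oauth-token-exchange.md: four arrow labels write "JTW" for "JWT" ("SAPIAS->>WebApp: Provides SAP IAS JTW", "WebApp->>XSUAA: Requests BTP JWT with SAP IAS JTW", "XSUAA->>XSUAA: Validates SAP IAS JTW", "XSUAA->>WebApp: Provides BTP JTW"); mermaid renders the labels verbatim, so please correct them to "JWT" before this lands. While touching those lines, the two self-arrows "SAPIAS->>SAPIAS: Validates JWT" and "XSUAA->>XSUAA: Validates SAP IAS JTW" would be more useful if they named what is checked (signature, issuer, audience and expiry against the trust configuration set up in the "loop Setup" block), since those validations are what make the chained exchange trustworthy and this diagram is the only place the flow is documented.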
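Review bot: The section removed from test/entra-id-saml-bearer.md is not moved unchanged: the new file adds a "participant XSUAA as SAP BTP Authentication" and a second exchange ("WebApp->>XSUAA: Requests BTP JWT with SAP IAS JTW"), whereas the removed diagram had SAP IAS hand back the BTP token directly ("SAPIAS->>WebApp: Provides BTP JTW") and a "SAPIAS->>SAPIAS: Validates JWT Assertion" step that is now worded "Validates JWT". The commit message only says "split documentation", so either state the content change there or split the work into a move commit and a correction commit so the history shows which of the two flows is the intended one. The remaining file also no longer references the token exchange flow at all; a one-line link to test/entra-id-oauth-token-exchange.md just before "## Embed SAP BTP App in Web Application" would keep the two flows discoverable from one place.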