Commit

add token exchange and iframe option
gregorwolf committed Mar 7, 2024
1 parent 28995f9 commit abd16f0
Showing 1 changed file with 67 additions and 3 deletions.
70 changes: 67 additions & 3 deletions test/entra-id-saml-bearer.md
@@ -1,4 +1,6 @@
# OAuth SAML Bearer Assertion Flow
# Options to embed SAP BTP Applications in Web Applications

## OAuth SAML Bearer Assertion Flow

```mermaid
sequenceDiagram
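Review bot: The new H1 "Options to embed SAP BTP Applications in Web Applications" widens the document to several options, but the file is still named test/entra-id-saml-bearer.md, which now describes only the first section. Consider renaming the file to match the new title and adding a sentence under the H1 that says when each option applies.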
Expand All @@ -24,8 +26,70 @@ WebApp->>IdP: Requests SAML Assertion with JWT
IdP->>WebApp: Provides SAML Assertion
WebApp->>XSUAA: Requests BTP JWT with SAML Assertion
XSUAA->>XSUAA: Validates SAML Assertion
XSUAA->>WebApp: Provides BTS JWT
WebApp->>BTPApp: Sends request with BTS JWT as Authorization Header
XSUAA->>WebApp: Provides BTP JWT
WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header
BTPApp->>WebApp: Response with Application data
WebApp->>User: Forward Application Data
```

## OAuth Token Exchange Flow

```mermaid
sequenceDiagram
%% participants
participant User as User
participant WebApp as Web Application
participant IdP as Identity Provider
participant SAPIAS as SAP Identity Authentication Service
participant XSUAA as SAP BTP Authentication
participant BTPApp as SAP BTP Application
%% arrows
loop Setup
WebApp-->>IdP: Trust Configuration
IdP-->>XSUAA: Trust Configuration
end
User->>WebApp: Open App
WebApp->>IdP: Requests User Authentication
IdP->>User: Ask User for credentials and other factors
User->>IdP: Provides credentials and other factors
IdP->>WebApp: Provides JWT
WebApp->>User: Session Cookie
User->>WebApp: Request to SAP
WebApp->>SAPIAS: Requests BTP JWT with JWT
SAPIAS->>WebApp: Provides BTP JTW
WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header
BTPApp->>WebApp: Response with Application data
WebApp->>User: Forward Application Data
```

## Embed SAP BTP App in Web Application

```mermaid
sequenceDiagram
%% participants
participant User as User
participant WebApp as Web Application
participant IdP as Identity Provider
participant SAPIAS as SAP Identity Authentication Service
participant XSUAA as SAP BTP Authentication
participant BTPApp as SAP BTP Application
%% arrows
loop Setup
WebApp-->>IdP: Trust Configuration
IdP-->>XSUAA: Trust Configuration
end
User->>WebApp: Open App
WebApp->>IdP: Requests User Authentication
IdP->>User: Ask User for credentials and other factors
User->>IdP: Provides credentials and other factors
IdP->>WebApp: Provides JWT
WebApp->>User: Session Cookie
User->>WebApp: Request to SAP App
WebApp->>User: Provides SAP App in a IFrame
User->>BTPApp: Requests SAP App
BTPApp->>SAPIAS: Requests User Authentication
SAPIAS->>IdP: Requests User Authentication
IdP->>SAPIAS: OpenID Connect
SAPIAS->>BTPApp: Authenticated User
BTPApp->>User: Provides SAP App
```
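Review bot: In the "OAuth Token Exchange Flow" diagram the Setup loop declares `IdP-->>XSUAA: Trust Configuration`, but the exchange itself goes to SAPIAS (`WebApp->>SAPIAS: Requests BTP JWT with JWT`), XSUAA appears in no later arrow, and no trust between IdP and SAPIAS is shown. Suggest adding a setup arrow for the trust that the exchange relies on and a validation step that mirrors `XSUAA->>XSUAA: Validates SAML Assertion` from the SAML flow, or dropping the unused XSUAA participant. The same Setup loop is copied into the iframe diagram, where SAPIAS federates to the IdP via OpenID Connect, so the same mismatch applies there. Two typos: `Provides BTP JTW` should read JWT, and `a IFrame` should be `an IFrame`. The iframe section also does not say which framing policy the BTP application has to send (frame-ancestors or X-Frame-Options) or that its session cookie is set in a third-party context; a short note on both would tell readers what has to be configured for this option to work and which origins are allowed to embed the app.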
