From abd16f0f123c17c6a34221ab10bda9557e234d6c Mon Sep 17 00:00:00 2001 From: Gregor Wolf Date: Thu, 7 Mar 2024 15:14:13 +0100 Subject: [PATCH] add token exchange and iframe option --- test/entra-id-saml-bearer.md | 70 ++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/test/entra-id-saml-bearer.md b/test/entra-id-saml-bearer.md index 7e9b5ad..5a299d5 100644 --- a/test/entra-id-saml-bearer.md +++ b/test/entra-id-saml-bearer.md @@ -1,4 +1,6 @@ -# OAuth SAML Bearer Assertion Flow +# Options to embed SAP BTP Applications in Web Applications + +## OAuth SAML Bearer Assertion Flow ```mermaid sequenceDiagram 
@@ -24,8 +26,70 @@ WebApp->>IdP: Requests SAML Assertion with JWT IdP->>WebApp: Provides SAML Assertion WebApp->>XSUAA: Requests BTP JWT with SAML Assertion XSUAA->>XSUAA: Validates SAML Assertion -XSUAA->>WebApp: Provides BTS JWT -WebApp->>BTPApp: Sends request with BTS JWT as Authorization Header +XSUAA->>WebApp: Provides BTP JWT +WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header +BTPApp->>WebApp: Response with Application data +WebApp->>User: Forward Application Data +``` + +## OAuth Token Exchange Flow + +```mermaid +sequenceDiagram +%% participants +participant User as User +participant WebApp as Web Application +participant IdP as Identity Provider +participant SAPIAS as SAP Identity Authentication Service +participant XSUAA as SAP BTP Authentication +participant BTPApp as SAP BTP Application +%% arrows +loop Setup +WebApp-->>IdP: Trust Configuration +IdP-->>XSUAA: Trust Configuration +end +User->>WebApp: Open App +WebApp->>IdP: Requests User Authentication +IdP->>User: Ask User for credentials and other factors +User->>IdP: Provides credentials and other factors +IdP->>WebApp: Provides JWT +WebApp->>User: Session Cookie +User->>WebApp: Request to SAP +WebApp->>SAPIAS: Requests BTP JWT with JWT +SAPIAS->>WebApp: Provides BTP JTW +WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header BTPApp->>WebApp: Response with Application data WebApp->>User: Forward Application Data ``` + +## Embed SAP BTP App in Web Application + +```mermaid +sequenceDiagram +%% participants +participant User as User +participant WebApp as Web Application +participant IdP as Identity Provider +participant SAPIAS as SAP Identity Authentication Service +participant XSUAA as SAP BTP Authentication +participant BTPApp as SAP BTP Application +%% arrows +loop Setup +WebApp-->>IdP: Trust Configuration +IdP-->>XSUAA: Trust Configuration +end +User->>WebApp: Open App +WebApp->>IdP: Requests User Authentication +IdP->>User: Ask User for credentials and other factors 
+User->>IdP: Provides credentials and other factors +IdP->>WebApp: Provides JWT +WebApp->>User: Session Cookie +User->>WebApp: Request to SAP App +WebApp->>User: Provides SAP App in a IFrame +User->>BTPApp: Requests SAP App +BTPApp->>SAPIAS: Requests User Authentication +SAPIAS->>IdP: Requests User Authentication +IdP->>SAPIAS: OpenID Connect +SAPIAS->>BTPApp: Authenticated User +BTPApp->>User: Provides SAP App +```
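Review bot: the first hunk promotes "OAuth SAML Bearer Assertion Flow" to an H2 under the new H1 "Options to embed SAP BTP Applications in Web Applications" but adds no introductory text, so a reader sees three sequence diagrams with no statement of what distinguishes them; suggest one or two sentences directly under the H1 naming the three options (SAML Bearer Assertion, Token Exchange, IFrame embedding) and the main trade-off between the two token-based flows, where the Web Application holds the BTP JWT, and the IFrame flow, where the browser establishes the BTP session itself.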
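Review bot: typo in the Token Exchange diagram, `+SAPIAS->>WebApp: Provides BTP JTW` should read `Provides BTP JWT`, consistent with `+WebApp->>SAPIAS: Requests BTP JWT with JWT` and with the `BTS JWT` to `BTP JWT` rename made earlier in the same hunk; likewise `+WebApp->>User: Provides SAP App in a IFrame` should be `in an IFrame`. In the IFrame diagram the `XSUAA` participant is declared but only appears in the Setup loop, while the actual authentication runs `BTPApp->>SAPIAS`, `SAPIAS->>IdP`, `IdP->>SAPIAS: OpenID Connect`; either drop the participant there or add the arrow that shows which component issues the BTPApp's own session, since the diagram is meant to document what the embedded app trusts. The IFrame option also lacks a short caveat that the BTP application must permit being framed by the Web Application's origin and that the session established inside the frame is subject to the browser's third-party cookie handling; a one-paragraph note under that heading would make the option's constraints as explicit as the token flows above it.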