Figure 3. The U2M Runtime Flow
The user performs the actions shown in Figure 3:
- The user first authenticates with their own IdP, through that IdP’s interface, and chooses to navigate to the Cirrus application.
- The customer IdP returns a session cookie to the user and redirects to Cirrus.
- The user asks to execute a PowerX task against Cirrus.
- Cirrus redirects the request to the Common IAM authorize endpoint.
- The Service Provider in the Common IAM authorizes the request.
- The Common IAM redirects the user to the customer IdP for authentication, since the user does not have a session cookie for PowerX.
- Since the user already has a valid customer IdP session cookie, the user is not asked to provide their credentials again and authenticates with the customer IdP.
- The customer is seamlessly redirected back to the Common IAM with the customer IdP authorization code.
- The customer IdP authorization code is passed to the Common IAM.
- The Common IAM asks the customer IdP to exchange the authorization code for an external token.
- The Common IAM generates an internal authorization code.
- The internal authorization code is sent back to Cirrus.
- Cirrus sends the authorization code to the token endpoint.
- The Common IAM service exchanges the authorization code for an internal token, which is then passed back to Cirrus.
- Cirrus uses the internal token to access PowerX Resources and Services.
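
The brokered code exchange in the last steps of the list, as an added example that is not part of the original page or of the product's code: an in-memory model in which the Common IAM redeems the customer IdP code, mints its own internal code, and later swaps that for an internal token, so Cirrus never handles the external token. All class, method, client and claim names are hypothetical, and the single-use, client-bound, 60-second properties of the internal code are assumptions taken from common OAuth 2.0 practice, not from the page.

```python
import secrets
import time

class CustomerIdP:
    """Stand-in for the customer IdP (hypothetical, constructed for this example)."""
    def __init__(self):
        self._codes = {}
    def authorize(self, user):       # user already holds a valid IdP session cookie
        code = secrets.token_urlsafe(16)
        self._codes[code] = user
        return code
    def exchange(self, code):        # external code -> external token, single use
        user = self._codes.pop(code, None)
        if user is None:
            raise PermissionError("unknown or replayed external code")
        return {"sub": user, "iss": "customer-idp"}

class CommonIAM:
    """Broker between the customer IdP and the client (Cirrus)."""
    CODE_TTL = 60                    # seconds; assumed lifetime of the internal code
    def __init__(self, idp):
        self._idp, self._codes = idp, {}
    def callback(self, external_code, client_id, now=None):
        """Redeem the IdP code; the external token stays inside the Common IAM."""
        now = time.time() if now is None else now
        ext = self._idp.exchange(external_code)
        code = secrets.token_urlsafe(16)
        self._codes[code] = (ext["sub"], client_id, now + self.CODE_TTL)
        return code                  # internal authorization code sent back to Cirrus
    def token(self, internal_code, client_id, now=None):
        """Token endpoint: internal code -> internal token."""
        now = time.time() if now is None else now
        entry = self._codes.pop(internal_code, None)   # consumed on first use
        if entry is None:
            raise PermissionError("unknown or replayed internal code")
        sub, bound_client, expires = entry
        if client_id != bound_client or now > expires:
            raise PermissionError("code expired or issued to another client")
        return {"sub": sub, "iss": "common-iam", "aud": "powerx", "client": client_id}

def run_flow(user="alice@customer.example", client_id="cirrus"):
    """Walk the list from the IdP redirect through the token endpoint."""
    idp = CustomerIdP()
    iam = CommonIAM(idp)
    ext_code = idp.authorize(user)               # IdP issues its authorization code
    int_code = iam.callback(ext_code, client_id) # Common IAM brokers the exchange
    token = iam.token(int_code, client_id)       # Cirrus redeems the internal code
    return idp, iam, ext_code, int_code, token
```

In this model a second presentation of either code, a different client ID, or a redemption after the TTL all fail closed with `PermissionError`.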