mirror of
https://github.com/yunionio/cloudpods.git
synced 2026-05-08 06:31:00 +08:00
122 lines
5.4 KiB
Go
122 lines
5.4 KiB
Go
// Copyright 2019 Yunion
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package saml // import "yunion.io/x/onecloud/pkg/cloudid/saml"
|
|
|
|
/*
|
|
|
|
+-----------------+ +----------------+
|
|
| CloudId Service | | Region Service |
|
|
+-----------------+ +----------------+
|
|
|
|
|
|
+----------+
|
|
|EnableSaml|
|
|
+-------------------+ +------------+ +----------+
|
|
| Cloudaccount | |Cloudaccount|
|
|
| (enabled|disable) | +------------+ +-----------+
|
|
+----________-------+ |DisableSaml|
|
|
_______/ \_______ +-----------+
|
|
___/ \____
|
|
+--------------+ +--------------+
|
|
| SamlProvider | | SamlProvider |
|
|
| (available) | | (not match) |
|
|
+--------------+ +--------------+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Saml Check CronJob Task
|
|
|
|
+-------+
|
|
| Start |
|
|
+---|---+
|
|
|
|
|
|
|
|
v
|
|
+------------------------+ Yes +----------------------------------------+ No +---------------------+
|
|
| Is account enable saml | ----------------> | Is account has available saml provider |----------------> | Create saml provider|
|
|
+------------------------+ +----------------------------------------+ +---------------------+
|
|
| | |
|
|
| No | Yes |
|
|
| | |
|
|
v | |
|
|
+------+ | |
|
|
| End | <-----------------------------------------------<----------------------------------------------------
|
|
+------+
|
|
|
|
|
|
|
|
|
|
|
|
Saml Auth Login
|
|
|
|
+-------+
|
|
| Start |
|
|
+-------+
|
|
|
|
|
|
|
|
v
|
|
+-----------------------+ Yes +-----------------------------------------------+
|
|
|Is account enable saml |-------------> |Prepare tmp Role and set expired time for user |
|
|
+-----------------------+ +-----------------------------------------------+
|
|
| No |
|
|
| |
|
|
| |
|
|
| v
|
|
| +------------------+
|
|
| | Auth for console |
|
|
| +------------------+
|
|
| |
|
|
| |
|
|
v |
|
|
+------+ |
|
|
| End |<----------------------------------------------
|
|
+------+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/
|