John-Paul Robinson
--- a/xdmod_ood_integration.md

+ 4

− 4
+++ b/xdmod_ood_integration.md

+ 4

− 4
 @@ -12,7 +12,7 @@ sequenceDiagram
    Note right of OOD: Recognize user not logged in 
    Note right of OOD: Generate and sign SAML request
    Note right of OOD: Redirect to samltest.id login URL
-critical SAML Handshake
+critical SAML Handshake (no established SSO session, login required)
    rect rgb(220,220,220)
    OOD-->>+Browser Parent Frame: 302 Found (Redirect to idp)

 @@ -41,7 +41,7 @@ end
    Browser Parent Frame-->Browser iframe: 
        Note left of Browser iframe: Load iframe content
    
-critical iframe JS REST API calls
+critical iframe JS REST API calls (unauthorized)
    rect rgb(220,220,220)
    Browser iframe->>XDMoD: GET /rest/v1/users/current
        Note left of XDMoD: user not logged in 
 @@ -55,7 +55,7 @@ critical iframe JS REST API calls
    end   
 end
    Browser iframe->>XDMoD: GET /simplesaml/module.php/core/as_login.php?AuthId=default-sp&ReturnTo=%2Fgui%2Fgeneral%2Flogin.php
-critical SAML Handshake
+critical SAML Handshake (established SSO session, no login required)
    rect rgb(220,220,220)
    XDMoD-->>Browser iframe: 302 Redirect to IDP
    
 @@ -75,7 +75,7 @@ critical SAML Handshake
 end
    XDMoD-->>Browser iframe: 200 OK (Response from XDMoD - HTML+JS)
    
-critical resume JS API calls
+critical restart JS API calls (authorized)
    rect rgb(220,220,220)
    Browser iframe->>XDMoD: GET rest/v1/users/current
    Note right of Browser iframe: Req cookies: SimpleSAML,SimpleSAMLAuthToken, PHPSESSID, xdmod_token