John-Paul Robinson · 2bdad4ec · 44b39b90 · 2bdad4ec
--- a/xdmod_ood_integration.md

+ 8

− 8
+++ b/xdmod_ood_integration.md

+ 8

− 8
 @@ -12,8 +12,8 @@ sequenceDiagram
    Note right of OOD: Recognize user not logged in 
    Note right of OOD: Generate and sign SAML request
    Note right of OOD: Redirect to samltest.id login URL
-critical SAML Handshake
-    rect rgb(220,220,220)
+critical SAML Handshake (no established SSO session, login required)
+    rect rgb(255,204,204)
    OOD-->>+Browser Parent Frame: 302 Found (Redirect to idp)

    Browser Parent Frame->>+Samltest.id: GET /idp/profile/SAML2/Redirect/SSO 
 @@ -41,8 +41,8 @@ end
    Browser Parent Frame-->Browser iframe: 
        Note left of Browser iframe: Load iframe content
    
-critical iframe JS REST API calls
-    rect rgb(220,220,220)
+critical iframe JS REST API calls (unauthorized)
+    rect rgb(255,204,204)
    Browser iframe->>XDMoD: GET /rest/v1/users/current
        Note left of XDMoD: user not logged in 

 @@ -55,8 +55,8 @@ critical iframe JS REST API calls
    end   
 end
    Browser iframe->>XDMoD: GET /simplesaml/module.php/core/as_login.php?AuthId=default-sp&ReturnTo=%2Fgui%2Fgeneral%2Flogin.php
-critical SAML Handshake
-    rect rgb(220,220,220)
+critical SAML Handshake (established SSO session, no login required)
+    rect rgb(229,255,204)
    XDMoD-->>Browser iframe: 302 Redirect to IDP
    
    Browser iframe->>Samltest.id: SAML Request - GET /idp/profile/SAML2/Redirect/SSO?SAMLRequest= RelayState=https%3A%2F%2Fxdmod.rc.uab.edu%2Fgui%2Fgeneral%2Flogin.php
 @@ -75,8 +75,8 @@ critical SAML Handshake
 end
    XDMoD-->>Browser iframe: 200 OK (Response from XDMoD - HTML+JS)
    
-critical resume JS API calls
-    rect rgb(220,220,220)
+critical restart JS API calls (authorized)
+    rect rgb(229,255,204)
    Browser iframe->>XDMoD: GET rest/v1/users/current
    Note right of Browser iframe: Req cookies: SimpleSAML,SimpleSAMLAuthToken, PHPSESSID, xdmod_token