split documentation for SAML Bearer and Token Exchange
gregorwolf committed Mar 10, 2024
1 parent fc40733 commit 6bdd440
Showing 2 changed files with 39 additions and 30 deletions.
39 changes: 39 additions & 0 deletions test/entra-id-oauth-token-exchange.md
@@ -0,0 +1,39 @@
## OAuth Token Exchange Flow

Configuration based on the SAP Community blog posts:

- [Exchange JWT token from Azure with token issued by SAP Cloud Identity Authentication Service](https://community.sap.com/t5/technology-blogs-by-sap/exchange-jwt-token-from-azure-with-token-issued-by-sap-cloud-identity/ba-p/13553444)
- [Connecting SAP IAS as a proxy to Azure AD using OpenID Connect](https://community.sap.com/t5/technology-blogs-by-members/connecting-sap-ias-as-a-proxy-to-azure-ad-using-openid-connect/ba-p/13534385)

```mermaid
sequenceDiagram
%% participants
participant User as User
participant WebApp as Web Application
participant IdP as Identity Provider
participant SAPIAS as SAP Identity Authentication Service
participant XSUAA as SAP BTP Authentication
participant BTPApp as SAP BTP Application
%% arrows
loop Setup
WebApp-->IdP: Trust Configuration
IdP-->SAPIAS: Trust Configuration
SAPIAS-->XSUAA: Trust Configuration
end
User->>WebApp: Open App
WebApp->>IdP: Requests User Authentication
IdP->>User: Ask User for credentials and other factors
User->>IdP: Provides credentials and other factors
IdP->>WebApp: Provides JWT
WebApp->>User: Session Cookie
User->>WebApp: Request to SAP
WebApp->>SAPIAS: Requests SAP IAS JWT with JWT
SAPIAS->>SAPIAS: Validates JWT
SAPIAS->>WebApp: Provides SAP IAS JTW
WebApp->>XSUAA: Requests BTP JWT with SAP IAS JTW
XSUAA->>XSUAA: Validates SAP IAS JTW
XSUAA->>WebApp: Provides BTP JTW
WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header
BTPApp->>WebApp: Response with Application data
WebApp->>User: Forward Application Data
```
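Review bot: "JWT" is misspelled as "JTW" in four messages near the end of the diagram ("Provides SAP IAS JTW", "Requests BTP JWT with SAP IAS JTW", "Validates SAP IAS JTW", "Provides BTP JTW"); please correct them so the rendered diagram and text search stay consistent. The two "Validates ..." self-messages would also help readers more if they named what each service checks on the incoming token. Finally, `loop Setup` around the three trust-configuration lines reads as a repeated runtime step when it is one-time setup; a `Note over` or a `rect` block would express that better.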
30 changes: 0 additions & 30 deletions test/entra-id-saml-bearer.md
@@ -32,36 +32,6 @@ BTPApp->>WebApp: Response with Application data
WebApp->>User: Forward Application Data
```

## OAuth Token Exchange Flow

```mermaid
sequenceDiagram
%% participants
participant User as User
participant WebApp as Web Application
participant IdP as Identity Provider
participant SAPIAS as SAP Identity Authentication Service
participant BTPApp as SAP BTP Application
%% arrows
loop Setup
WebApp-->IdP: Trust Configuration
IdP-->SAPIAS: Trust Configuration
end
User->>WebApp: Open App
WebApp->>IdP: Requests User Authentication
IdP->>User: Ask User for credentials and other factors
User->>IdP: Provides credentials and other factors
IdP->>WebApp: Provides JWT
WebApp->>User: Session Cookie
User->>WebApp: Request to SAP
WebApp->>SAPIAS: Requests BTP JWT with JWT
SAPIAS->>SAPIAS: Validates JWT Assertion
SAPIAS->>WebApp: Provides BTP JTW
WebApp->>BTPApp: Sends request with BTP JWT as Authorization Header
BTPApp->>WebApp: Response with Application data
WebApp->>User: Forward Application Data
```

## Embed SAP BTP App in Web Application

```mermaid
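Review bot: The removed "OAuth Token Exchange Flow" block is not the same diagram that the new file adds, so this is more than a split. The old version had no XSUAA participant and showed SAP IAS returning the BTP JWT directly ("SAPIAS->>WebApp: Provides BTP JTW"), while the new file documents a second exchange at XSUAA. Please state that in the commit message, or make the flow change in its own commit, so the change to the documented trust chain is visible in history.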