oauth2-openam-client.txt revision f26bb1d5890952bb63f72592b670e56bc8f081a5
@startuml oauth2-openam-client.png
/'
CCPL HEADER START
This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License.
To view a copy of this license, visit
or send a letter to Creative Commons, 444 Castro Street,
Suite 900, Mountain View, California, 94041, USA.
You can also obtain a copy of the license at
See the License for the specific language governing permissions
and limitations under the License.
If applicable, add the following below this CCPL HEADER, with the fields
enclosed by brackets "[]" replaced with your own identifying information:
Portions Copyright [yyyy] [name of copyright owner]
CCPL HEADER END
Copyright 2012-2013 ForgeRock AS
To generate a sequence diagram from this file, process
it with PlantUML, http://plantuml.sourceforge.net/sequence.html
'/
title OAuth 2.0 Authorization Server and OpenAM Client
autonumber
participant "Resource Owner\nUser-Agent" as Owner
participant "Client\nOpenAM OAuth 2.0 Auth Module" as Client
participant "Authorization Server" as AuthzServer
participant "Resource Server\nProtected with OpenAM Policy Agent" as ResourceServer
Client->Owner: Redirect...
Owner->AuthzServer: ...to OpenAM OAuth 2.0 authorization server
Owner<->AuthzServer: Authenticate, and confirm authorization grant
AuthzServer->Owner: Redirect...
Owner->Client: ...with authorization code to redirect_uri
Client->AuthzServer: Authenticate, request access token with\nauthorization code, redirect_uri
AuthzServer->Client: If authorization code is valid, return access token
Client->AuthzServer: Request user profile information with access token
Client->Client: If configured, map user to local identity
Client->Owner: Redirect...
Owner->ResourceServer: ...with SSO token to protected resource
ResourceServer->Client: If authorized by OpenAM (not shown), return protected resource
@enduml