UseCases ADFSUserMapping

Case1: User has access to a protected web / topic (User list checking)

  • User clicks on protected Web
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • redirect to previous action
  • TWikiSession checks the TWikiName against access control settings in the web
  • User is allowed to view web -> display web
  • User clicks on protected topic
  • TWikiSession checks the TWikiName against access control settings in the topic
  • User is allowed to view topic -> display topic

Case2: User has access to a protected web/topic (ADFS groups checking)

  • User clicks on protected Web
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • ADFS groups get loaded
    • redirect to previous action
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Web preferences
  • User is allowed to view web -> display web
  • User clicks on protected topic
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Topic preferences
  • User is allowed to view topic -> display topic

Case3: User has access to a web but not to a protected topic (ADFS)

  • User clicks on protected Web
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • ADFS groups get loaded
    • redirect to previous action
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Web preferences
  • User is allowed to view web -> display web
  • User clicks on protected topic
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Topic preferences
  • User has no access rights to the topic
  • Error message is displayed


Case4: User has access to a topic but not to its protected web (ADFS)

  • User clicks on protected Web
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • ADFS groups get loaded
    • redirect to previous action
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Web preferences
  • User is not allowed to view web
  • Error message is displayed
  • User might be confused because he thinks he is in the allowed ADFS group.
    • Note: write in documentation that web settings could restrict topic settings


Case5: User tries direct link to topic but web is protected

  • User types in a direct link to a non-protected topic in a protected web
  • TWikiSession checks the topic for access control
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • ADFS groups get loaded
    • redirect to previous action
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Web preferences
  • User has no access rights to the topic
  • Error message is displayed


Case6: User has access to web and topic but AC settings are written incorrectly

  • User clicks on protected web
  • TWikiSession checks the web for access control
  • TWikiSession requests user authentication
    • redirect to login.cern.ch
  • User logs on (SSO, Nice Account)
    • User gets TWikiName
    • ADFS groups get loaded
    • redirect to previous action
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Web preferences
  • User is allowed to view web -> display web
  • User clicks on protected topic
  • TWikiSession checks the TWikiName and/or ADFS_Groups against AC-settings in the Topic preferences
  • ADFS group name is misspelled in the AC settings, e.g. NIEC Users instead of NICE Users
  • User has no access rights to the topic
  • Error message is displayed

* Note: write in documentation -> matching is case insensitive but strict! Proposal: offer a "did you mean ...?" hint. Or in code: check first whether ADFS is available and throw/display an error if not.
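
The web-then-topic check from Cases 3 to 6 and the misspelled-group hint from the note above, as an added example that is not TWiki's own code. It is a Python model that assumes AC settings are plain lists of TWikiNames and ADFS group names; the function names, return strings and sample groups are hypothetical.

```python
import difflib

# Constructed sample data: group names are illustrative only.
KNOWN_ADFS_GROUPS = ["NICE Users", "Atlas Members", "IT Admins"]

def norm(name):
    """Case-insensitive but strict: only letter case is folded, nothing else."""
    return name.casefold()

def allowed(acl, twiki_name, adfs_groups):
    """Empty ACL means unprotected; otherwise the TWikiName or a group must match exactly."""
    if not acl:
        return True
    principals = {norm(twiki_name)} | {norm(g) for g in adfs_groups}
    return any(norm(entry) in principals for entry in acl)

def check_view(web_acl, topic_acl, twiki_name, adfs_groups):
    """Web preferences gate the topic: a topic ACL never widens access past the web."""
    if not allowed(web_acl, twiki_name, adfs_groups):
        return "deny:web"
    if not allowed(topic_acl, twiki_name, adfs_groups):
        return "deny:topic"
    return "allow"

def lint_acl(acl, known_users, known_groups=KNOWN_ADFS_GROUPS):
    """Map each ACL entry that matches no known user or group to a 'did you mean' hint."""
    known = {norm(k): k for k in list(known_users) + list(known_groups)}
    hints = {}
    for entry in acl:
        if norm(entry) not in known:
            close = difflib.get_close_matches(norm(entry), list(known), n=1, cutoff=0.8)
            hints[entry] = known[close[0]] if close else None
    return hints

if __name__ == "__main__":
    groups = ["NICE Users"]  # groups loaded at logon (constructed)
    print(check_view(["nice users"], ["NIEC Users"], "JohnDoe", groups))
    print(lint_acl(["NIEC Users"], ["JohnDoe"]))
```

Running `lint_acl` when AC settings are saved, rather than at view time, surfaces the Case 6 typo to the editor instead of to the user who is denied.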

Topic revision: r3 - 2010-05-10 - unknown