Breaking the Kubernetes Kill Chain: Host Path Mount
DIWD Concordia
1.
2.
3.
4.
5. The Matrix Front channel attributes Back channel attributes Authn SSO SLO OpenID SAML Infocards WS-Fed ID-WSF OAuth Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Paul Mary Patrick
21. Bootstrap Flow Identity Selector Browser Extension & Client App Identity Provider Relying Party Website or App Cards are generated and downloaded from here. Token Service issues tokens as requested by Selector. Cards are stored and selected here Tokens containing claim data are requested and received here ( tag on Website contains a reference for an ID-WSF service)
22. ID-WSF integration- Higgins IdP Identity Selector IdAS LDAP Server ID-WSF Layer ID-WSF Personal Profile Service ID-WSF CP LDAPCP PP CP I-card Services DS IS AS ID-WSF STS
26. SP-Initiated SAML Brokerage.com Identity Provider Calculators.com Service Provider Browser 1. SAML MetaData Exchange (i.e. Certs/Keys, EndPoints) 5. User redirect back with SAML Token 4. User Authenticates & Handles User Consent 3.User redirect with SAML AuthN Request 6. Get Account Balances with SAML Token 2. View Calculators 7. Display Calculators API
27.
28. OAuth Brokerage.com Oauth Service Provider Calculators.com OAuth Consumer Browser 1. Consumer Key and Secret 6. User Redirect back with Authorized Request Token 5. User Authenticates & Handles User Consent 4. User Redirect with Unauthorized Request Token 8. Get Account Balances with Access Token 2. View Calculators 3. Get Unauthorized Request Token 7. Exchange Authorized Token for AccessToken API 10. Display Calculators
29.
30. SAML + oAuth Brokerage.com Identity Provider Calculators.com Service Provider Browser 1. SAML MetaData Exchange (i.e. Certs/Keys, EndPoints) 5. User redirect back with SAML Token + oAuth Authorised Token 4. User Authenticates & Handles User Consent 3.User redirect with SAML AuthN Request + oAuth Unauthorized Token 2. View Calculators 8. Display Calculators API 7. Get Account Balances with Access Token 6. Exchange Authorized Token for AccessToken