...

  1. Authenticate via X.509.
  2. Permit access based on identity? If so, return ALLOW; otherwise continue.
  3. Consume all pushed SAML assertions bound to the certificate at the well-known certificate extension.
  4. Permit access based on pushed attributes? If so, return ALLOW; otherwise continue.
  5. Pull attributes based on Subject Information Access (SIA) and Subject Alt Name extensions? If so, skip to step 9; otherwise continue.
  6. Pull attributes based on bound SAML? If so, skip to step 9; otherwise continue.
  7. Pull attributes based on Classic GridShib? If so, skip to step 9; otherwise continue.
  8. Return DENY.
  9. Query for attributes. Consume all returned SAML assertions.
  10. Permit access based on combined pushed and pulled attributes? If so, return ALLOW; otherwise return DENY.
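
The decision flow above, as an added sketch that is not GridShib's own code. The `Request` fields, the `decide` and `fake_aa` names, the "required attributes are a subset" policy check and the example URL are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional, Set

ALLOW, DENY = "ALLOW", "DENY"

@dataclass
class Request:
    """Constructed stand-in for a request that already passed step 1 (X.509 authentication)."""
    subject_dn: str
    pushed_attrs: Set[str] = field(default_factory=set)  # step 3: from bound SAML assertions
    # Query target each pull strategy yields, or None if it does not apply (hypothetical fields).
    sia_san_target: Optional[str] = None      # step 5
    bound_saml_target: Optional[str] = None   # step 6
    classic_target: Optional[str] = None      # step 7

def decide(req: Request, identity_acl: Set[str], required: Set[str],
           query: Callable[[str, str], Set[str]]):
    """Walk steps 2-10; return (decision, step that produced it, pull strategy used)."""
    if req.subject_dn in identity_acl:                    # step 2: identity-based policy
        return ALLOW, 2, None
    attrs = set(req.pushed_attrs)                         # step 3: consume pushed attributes
    if required <= attrs:                                 # step 4: pushed attributes suffice
        return ALLOW, 4, None
    strategies = [("sia/san", req.sia_san_target),        # steps 5-7, tried in order
                  ("bound-saml", req.bound_saml_target),
                  ("classic", req.classic_target)]
    chosen = next(((n, t) for n, t in strategies if t), None)
    if chosen is None:                                    # step 8: no pull strategy applies
        return DENY, 8, None
    name, target = chosen
    attrs |= query(target, req.subject_dn)                # step 9: pull and merge attributes
    return (ALLOW if required <= attrs else DENY), 10, name  # step 10: combined decision

def fake_aa(target: str, subject: str) -> Set[str]:
    """Constructed attribute authority: maps (target, subject) to attributes."""
    data = {("https://aa.example.org", "CN=alice"): {"member"}}
    return data.get((target, subject), set())

if __name__ == "__main__":
    acl, need = {"CN=admin"}, {"member", "project-x"}
    alice = Request("CN=alice", {"project-x"}, classic_target="https://aa.example.org")
    print(decide(alice, acl, need, fake_aa))  # pushed and pulled attributes combine at step 10
```

Returning the step number and the strategy name alongside the decision gives an audit log enough to show why a request was allowed or denied.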

Here's more detail for steps 5, 6, and 7.

...