| author | mo khan <mo@mokhan.ca> | 2025-03-27 13:59:31 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-27 13:59:31 -0600 |
| commit | c6327a5e1e885faaea022af011f40b40670f5c38 (patch) | |
| tree | b9c23de4f9f937237f47f0c68a4acf917c63b3d1 | |
| parent | 3aa60cb4acc7201beb83b6a0ff61eafd9fcdcffe (diff) | |
docs: add UML Sequence Diagram of SAML flow
| -rw-r--r-- | doc/share/authz/DESIGN.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md index 16134fe..0cf0fc0 100644 --- a/doc/share/authz/DESIGN.md +++ b/doc/share/authz/DESIGN.md @@ -39,6 +39,27 @@ SAML Login Flow +```plantuml +@startuml +Browser -> UI: Get dashboard +UI --> Browser: Generate SAML <AuthnRequest /> and redirect to IdP + +Browser -> IdP: Deliver SAML <AuthnRequest /> +IdP --> Browser: Redirect to Login Page +Browser -> IdP: Login +IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI + +Browser -> UI: Deliver SAML <AuthnResponse /> +UI --> IdP: Exchange <Assertion /> for Tokens +UI --> Browser: Redirect to dashboard +Browser -> UI: Get dashboard +UI --> API: Request list of projects and provide Access Token +API -> IdP: Validate token and check declarative policy +API --> UI: Return list of projects as JSON +UI --> Browser: Return list of projects as HTML +@enduml +``` + 1. `GET http://ui.example.com/saml/new` 1. `POST http://idp.example.com/saml/new` 1. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` |
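Review bot: the message labels in the new diagram should use the SAML 2.0 protocol element names: the IdP answers an `<AuthnRequest />` with a `<Response />` that carries the `<Assertion />`, so `IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI` and `Browser -> UI: Deliver SAML <AuthnResponse />` should read `<Response />` (there is no `<AuthnResponse />` element). Two arrows also use the dashed reply style for outbound calls: `UI --> IdP: Exchange <Assertion /> for Tokens` and `UI --> API: Request list of projects and provide Access Token` are requests and should use `->`, keeping `-->` for replies as the rest of the diagram does. The flow also goes straight from delivering the response to exchanging the assertion for tokens without showing who verifies it; since this is the security-critical step, a line stating where the response signature, audience and validity conditions are checked (by the UI before the exchange, or by the IdP during it) would make the design document unambiguous.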
