Skip to content

Discovery

Discovery Management

There are two types of discovery flows in didmos2-auth: 1. Selection Based Discovery 2. Domain Based Discovery

Selection Based Discovery

Provides a screen, where a user can select one of the supported backends with which the user would like to authenticate herself. This flow is implemented by SelectionBasedDiscovery microservice. This is a request microservice, and if enabled, it comes next in line to the DismosSsoValidator microservice. The microservice has an endpoint which receives user's selection, and sets context.target_backend to route the request to a particular backend. Moreover, it also sets the sso_target_backend internal attribute with the value of the selection. This sso_target_backend internal attribute is used by the DidmosSsoCreator response microservice to set the targetBackend field of the didmos2_sso cookie.

Domain Based Discovery

Provides a screen, where a user could enter her email address. A target backend is selected based on the email address domain. Once the target backend is selected, the user is redirected to the backend screen where she authenticates herself. This flow is implemented by DomainBasedDiscovery microservice. This is a request microservice, and if enabled, it comes next in line to the DismosSsoValidator microservice. The microservice has an endpoint which receives user's selection, and sets context.target_backend to route the request to a particular backend. Moreover, it also sets the sso_target_backend internal attribute with the value of the selection. This sso_target_backend internal attribute is used by the DidmosSsoCreator response microservice to set the targetBackend field of the didmos2_sso cookie.

Both the DomainBasedDiscovery and SelectionBasedDiscovery microservices have the same parent class: DiscoveryService, which contains the following common logic:

Both the SelectionBasedDiscovery and DomainBasedDiscovery microservices checks the existence of didmos2_sso_session internal attribute. If it does not exist, then the microservices redirect to the discovery page: Selection Based or Domain Based. The microservices simply continue if there exists the didmos2_sso_session internal attribute.

Only one of the flows, and hence only one of the discovery microservices can be enabled at a time.