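@startuml
' IAM token-generation sequence diagrams (PART0..PART6) kept in one file.
' Exactly one DRAW(PARTn) line is uncommented per render; every participant
' and message is gated on the selected part with !ifdef / %variable_exists(),
' so the shared declarations below are written once.
!pragma teoz true
skinparam maxMessageSize 150

' Select the part to draw: defines a variable with the (unquoted) name $x,
' which makes the matching !ifdef blocks and %variable_exists() checks true.
!unquoted function DRAW($x)
  return %set_variable_value($x, 1)
!endfunction

' Participant helpers: declare the element only when its part is selected.
' $part is the part name as a string, $as the alias the messages refer to.
!function addActor($part, $actor, $as)
  !if %variable_exists($part)
    actor "$actor" as $as
  !endif
!endfunction

!function addInterface($part, $interface, $as)
  !if %variable_exists($part)
    boundary "$interface" as $as
  !endif
!endfunction

!function addService($part, $service, $as)
  !if %variable_exists($part)
    control "$service" as $as
  !endif
!endfunction

!function addComponent($part, $component, $as)
  !if %variable_exists($part)
    participant "$component" as $as
  !endif
!endfunction

!function addQueue($part, $queue, $as)
  !if %variable_exists($part)
    queue "$queue" as $as
  !endif
!endfunction

!function addDatabase($part, $database, $as)
  !if %variable_exists($part)
    database "$database" as $as
  !endif
!endfunction

' Message shapes, rendered inside notes via %retrieve_void_func('Name').
' Field names are reproduced as given by the service contracts.
' NOTE(review): "appliactionId" looks like a typo of applicationId — confirm
' against the WSDL before changing, since the label documents the wire name.
!unquoted function AtRegCreationReq()
{{
class generateTokenRequest <<(S,#32DC32)SOAP Request>> {
  requestId : mandatory
  channelId : mandatory
  appliactionId : mandatory
  brandId : mandatory
  dbid : mandatory
  cin : mandatory
  lcin : optional
  blcin : optional
  bin : optional
  mfaId : optional
  expiry : optional
}
}}
!endfunction

!unquoted function AtRegCreationRes()
{{
class generateTokenResponse <<(C,#32DC32)Response>> {
  requestId : mandatory
  responseCode : mandatory
  accessToken : mandatory
  errorDetails : optional
}
}}
!endfunction

' NOTE(review): this request spells the OTP field "otpsptoken" while the JWT
' claims below spell it "otppstoken" — confirm which is the contract name.
!unquoted function CreateTokenReq()
{{
class createTokenRequest <<(S,#32DC32)SOAP Request>> {
  dbid : mandatory
  brandId : mandatory
  bin : optional
  lcin : optional
  cin : mandatory
  otpsptoken : optional
  mfaId : optional
  expiry : optional
}
}}
!endfunction

!unquoted function CreateTokenRes()
{{
class createTokenResponse <<(C,#32DC32)Response>> {
  requestStatusCode : mandatory
  accessToken : optional
  errorDetails : optional
}
}}
!endfunction

' Body of the JWT-bearer grant sent to PING Federate in PART2.
!unquoted function IAMCreateToken()
{{
class tokenAssertion <<(A,#32DC32)Assertion>> {
  client_id : mandatory : Brand Specific
  grant_type : mandatory : Hardcoded DP
  assertion : mandatory : JWT
  content-Types : mandatory
}
}}
!endfunction

' Claims carried in the signed assertion JWT (PART2).
!unquoted function TokenAssertion()
{{
class claims <<(C,#32DC32)JWT>> {
  cin : mandatory
  otppstoken : mandatory
  brand : mandatory
  dbid : mandatory
  blcin : optional
  bin : optional
  iss : mandatory
  sub : mandatory
  aud : mandatory
  exp : mandatory
}
}}
!endfunction

' Identity + optional claims for the external third-party token (PART0).
!unquoted function CLAIMS()
{{
class claims <<(C,#32DC32)JWT>> {
  cin : optional
  brand : optional
  dbid : optional
  blcin : optional
  bin : optional
  channelId : optional
  tpsId : optional
  iss : optional
  sub : optional
  aud : optional
  exp : optional
  details : Optional Claims
}
}}
!endfunction

!unquoted function IDENTITY()
{{
class identityAssertion <<(A,#32DC32)Assertion>> {
  client_id : mandatory
  grant_type : mandatory
  assertion : mandatory : Signed JWT
  scope : mandatory
}
}}
!endfunction

'====DRAW Specific Diagrams by Comment/Uncommenting Line===
'====Only uncomment one line at a Time======================
'DRAW(PART0)
'DRAW(PART1)
'DRAW(PART2)
DRAW(PART3)
'DRAW(PART4)
'DRAW(PART5)
'DRAW(PART6)

!ifdef PART0
title IAM External Third Party Token Generation Flow
!endif
!ifdef PART1
title AT-Reg Token Creation Flow
!endif
!ifdef PART2
title createToken(R4P) DBD Flow
!endif
!ifdef PART3
title SSOKey App2App Flow
!endif
!ifdef PART4
title Mobile SSO to Sensibill SDK Operations Part4
!endif
!ifdef PART5
title RBS JWKS Public Key Refresh Part5
!endif
!ifdef PART6
title RBS Sensibill GUID Involved Party Service Part6
!endif

'===Participants, grouped by hosting zone===
!ifdef PART1 || PART2 || PART3 || PART4
actor user as u
box "Mobile Device " #LightYellow
  'boundary "TPP\(yolt)" as y
  boundary "<brand> Mobile App" as bma
  control "Device OS" as os
  boundary "Diaon FIDO \nSDK" as dfsdk
end box
!endif

!ifdef PART0 || PART1 || PART2 || PART3 || PART4 || PART6
box "AWS " #LightBlue
  participant "mPlatform\n PING Access" as mppa
  participant mPlatform as mp
  addService("PART0","ExternalThirdPartySSO MS","etpssoms")
  addService("PART1","SSOKey MS","ssoKms")
  addService("PART3","SSOKey MS\nApp2App","app2appms")
end box
!endif

!ifdef PART0 || PART1 || PART2 || PART3 || PART4 || PART5 || PART6
box "MDP XG45" #LightPink
  addService("PART0","ExternalThirdPartySSO","etpsso_mdp")
  addService("PART1","atregcreation_1_0","atreg_mdp")
  addService("PART2","createtoken","ct_mdp")
  addService("PART3","ping_val_soap_1_0","pvs_mdp")
end box
!endif

!ifdef PART0 || PART1 || PART2 || PART3 || PART4 || PART5 || PART6
box "DBD XI52" #LightYellow
  addService("PART0","ExternalThirdPartySSO","etpsso_dbd")
  addService("PART1","atregcreation_1_0","atreg_dbd")
  addService("PART2","idv_3_00","idv_dbd")
  addService("PART2","iam_r4p_createtoken_3_0","iamR4p_dbd")
  addService("PART3","sso_keygen_2_0a","ssoKgen_dbd")
  addService("PART3","sso_app2app_1_0","app2app_dbd")
  addService("PART3","cics_gn_aud_1_0","genAud_dbd")
end box
!endif

!ifdef PART0 || PART1 || PART2 || PART3 || PART4 || PART5 || PART6
box "IAM_Z5" #LightYellow
  participant "PING Access" as paZ5
  participant "PING Federate" as pfZ5
end box
!endif

' PART1a is tested here but never selected by a DRAW() line above.
!ifdef PART0 || PART1 || PART1a || PART2 || PART3 || PART4 || PART5 || PART6
box "Core Net" #PaleGreen
  addComponent("PART2","CIC's Host","host")
  addService("PART2","GN005WRP \nIdAndV Service","idvZ7")
  addComponent("PART3","CIC's Host","host")
  addService("PART3","GN00AWRP \nAudit Service","audZ7")
  addService("PART5","Ping Access \nJWKS ep","jwksep")
  'participant "PF\n ref adapter" as r
  'participant "PF\n Sensibill \n adapter" as s
  'addComponent("PART0","PF ETP\n adapter", "etpa" )
  addService("PART6","ESP","esp")
  addService("PART6","CIC's Host","host")
end box
!endif

!ifdef PART4 || PART5
box "Sensibill\nPAAS" #LightBlue
  participant "Users\n Api EP" as rapi
  participant "Authentication\n Api EP" as lapi
  participant "Receipt\n Api" as rcpapi
  participant "Authorisation\n Service" as as
end box
!endif

'===PART 0 ETPToken Flow===
!ifdef PART0
'--------------------------
mp->etpssoms : Trigger External Third Party SSO
note over etpssoms : Channel Agnostic\nETP Token Request Flow\nIdentity Claims + Optional Claims
note over etpssoms : %retrieve_void_func('CLAIMS')
etpssoms->etpsso_mdp : Invoke ETPToken Flow(JWT{client_id,Identity Claims,Optional Claims})
etpsso_mdp->etpsso_dbd : Invoke ETPToken Flow(JWT{client_id,Identity Claims,Optional Claims})
note over etpsso_dbd : <&key> Private Key from the Keystore
etpsso_dbd->etpsso_dbd : Sign JWT
note over etpsso_dbd : %retrieve_void_func('IDENTITY')
etpsso_dbd->etpsso_dbd : Create Identity Assertion Request
activate etpsso_dbd
' Request hop added so the reply "etpsso_dbd<--paZ5 : AT" below has a
' matching call; previously only the PING Access -> PING Federate hop was drawn.
etpsso_dbd->paZ5 : POST /as/token.oauth2(assertion{JWT <&pencil>})
activate paZ5
activate pfZ5
paZ5->pfZ5 : POST /as/token.oauth2(assertion{JWT <&pencil>})
note over pfZ5 : <&key> JWKS
pfZ5->pfZ5 : Validate Signature on JWS
pfZ5->pfZ5 : Route to ETP adapter(client_id)
pfZ5->pfZ5 : Create JWT containing Claims(JWT)
note right : The Access token generated by ping federate is a JWE token \nwhich is signed (with private key) and encrypted (with public key).
note over pfZ5 : <&key> JWKS
pfZ5<--pfZ5 : Signed JWT with (kid, alg)
note over pfZ5 : ETP Public Key <&key>
pfZ5->pfZ5 : Encrypt JWT with ETP Public Key
note right : This requires ETP Public Key Onboarding
paZ5<--pfZ5 : AT <&lock-locked>
deactivate pfZ5
etpsso_dbd<--paZ5 : AT <&lock-locked>
deactivate paZ5
note right : {\n <&lock-locked> "access_token": "Signed JWT"\n"token_type":"Bearer"\n "expires_in" : "x"\n}
etpsso_mdp<--etpsso_dbd : Return ETP (AT <&lock-locked>) Token
etpssoms<--etpsso_mdp : Return ETP (AT <&lock-locked>) Token
deactivate etpsso_dbd
mp<--etpssoms : Return Token to initiating Channel
'--------------------------
!endif

'===PART 1 AT-Reg Token Creation Service Flow===
!ifdef PART1
'--------------------------
bma->mppa : createATReg(AT-4RP)
mppa->mp : createATReg(AT-4RP)
activate mp
note over mp : %retrieve_void_func('AtRegCreationReq')
mp->atreg_mdp : generateATRegToken(req)
note right : https://<ipaddress>:<port>/<brand>/mplatform/atregcreation/v1
atreg_mdp->paZ5 : generateATRegToken(req)
note over paZ5 : validate SOAP Request
alt Fail
  atreg_mdp<--paZ5 : Error
  mp<--atreg_mdp : Error
  mp<--mp : Handle Error
end
atreg_mdp<--paZ5 : Pass Through
atreg_mdp->atreg_dbd : SOAP Request
atreg_dbd->atreg_dbd : creates a JWT
atreg_dbd->pfZ5 : JWT{cin, dbid, bin, lbin +config}
note over pfZ5 : %retrieve_void_func('AtRegCreationRes')
atreg_dbd<--pfZ5 : AT-Reg
atreg_mdp<--atreg_dbd : AT-Reg
mp<--atreg_mdp : AT-Reg
'--------------------------
!endif

'===PART 2 createToken(R4P) DBD Flow===
' Sample payloads use <placeholders>: diagrams are checked in alongside the
' code, so real customer identifiers and access-token values must not appear
' in them (the same convention as the <ipaddress>:<port> URL in PART1).
!ifdef PART2
'--------------------------
ct_mdp->idv_dbd : createTokenRequest
note over idv_dbd : %retrieve_void_func('CreateTokenReq')
idv_dbd->host : createTokenRequest
host->idvZ7 : IDV
note over idvZ7 : %retrieve_void_func('CreateTokenRes')
note over idvZ7 :{"custDetails" : { "customerId":"<customerId>" , "dbId":"<dbId>" , "blcin":"<blcin>" },\n"tokenDetails" : { "dpSeed": "", "accessToken": "<accessToken>", "expires": "<epochSeconds>" }\n}
host<--idvZ7 : A-T
idv_dbd<--host : A-T
idv_dbd->iamR4p_dbd : createR4PToken
iamR4p_dbd->iamR4p_dbd : CheckBrandedTransactionRestriction
iamR4p_dbd->iamR4p_dbd : Convert TokenClaims
note over iamR4p_dbd : %retrieve_void_func('TokenAssertion')
iamR4p_dbd->iamR4p_dbd : Generate TokenAssertion
note over iamR4p_dbd : %retrieve_void_func('IAMCreateToken')
iamR4p_dbd->pfZ5 : POST /as/token.oauth2 {TokenAssertion}
note over pfZ5 : %retrieve_void_func('CreateTokenRes')
note over pfZ5 :{"custDetails" : { "customerId":"<customerId>" , "dbId":"<dbId>" , "blcin":"<blcin>" },\n"tokenDetails" : { "dpSeed": "", "accessToken": "<accessToken>", "expires": "<epochSeconds>" }\n}
iamR4p_dbd<--pfZ5 : A-T
idv_dbd<--iamR4p_dbd : A-T
idv_dbd->host : Audit A-T
ct_mdp<--idv_dbd : A-T
'--------------------------
!endif

'===PART 3 SSOKey App2App Flow===
' Message labels are still placeholders ("??"): the flow is not yet specified.
!ifdef PART3
'--------------------------
app2appms -> pvs_mdp : ??
pvs_mdp -> ssoKgen_dbd : ??
ssoKgen_dbd -> app2app_dbd : ??
app2app_dbd -> genAud_dbd : ??
'--------------------------
!endif
@enduml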