Use Cases:
Registration:
1. User login to IDP with IDP account
2. User login to SP using application login account.
3. SP does the SP initiated to send AuthnRequest saml2 to IDP
4. IDP consume AuthnRequest and generate Response saml2 with nameId alias to IDP
5. SP consume saml2 response and insert this nameId to application database associate with SP login username
6. Direct Login this user to application
Already Registration (SSO)
1. User login to IDP account
2. IDP send the Response saml2 with nameId alias
3. SP consume the Response saml2 and do a search to find the sp user login
4. Direct login this user to application
Un-Registration
1. User login to IDP account
2. IDP send terminate request saml2 to SP
3. SP removes nameId in the database and send success status saml2 to IDP
4. IDP removes nameId
This is persistent Federation, which nameId have to be saved from both side, IDP (Identity Provider) and SP (Service Provider), OpenSSO Express Builde 8 version is the only OpenSSO have the JDBC data store plugin build in. That is why we choose this version to do these use cases. Those are the sequence diagrams to illustrate the use cases above.
Diagrams:
Diagram: Registration SP initiated
Diagram: Already Registration