docs: rm broken link (#2215)

* docs: rm broken link

This was the only image on this page that was also a link to the image, which failed with a 404 (which is the default Nginx 404 page, BTW).

* fmt and typo

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
Alex Fornuto 2021-05-20 23:13:41 -05:00 committed by GitHub
parent 38a7591395
commit 8c56d64f31
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -4,38 +4,44 @@ lang: en-US
sidebarDepth: 0 sidebarDepth: 0
meta: meta:
- name: keywords - name: keywords
content: >- content: pomerium architecture
pomerium architecture
--- ---
## Architecture # Architecture
### System Level ## System Level
Pomerium sits between end users and services requiring strong authentication. After verifying identity with your identity provider (IdP), Pomerium uses a configurable policy to decide how to route your user's request and if they are authorized to access the service. Pomerium sits between end users and services requiring strong authentication. After verifying identity with your identity provider (IdP), Pomerium uses a configurable policy to decide how to route your user's request and if they are authorized to access the service.
![pomerium architecture diagram](./img/pomerium-system-context.svg) ![pomerium architecture diagram](./img/pomerium-system-context.svg)
### Component Level ## Component Level
Pomerium is composed of 4 logical components: Pomerium is composed of 4 logical components:
- Proxy Service - Proxy Service
- All user traffic flows through the proxy - All user traffic flows through the proxy
- Verifies all requests with Authentication service - Verifies all requests with Authentication service
- Directs users to Authentication service to establish session identity - Directs users to Authentication service to establish session identity
- Processes policy to determine external/internal route mappings - Processes policy to determine external/internal route mappings
- Authentication Service - Authentication Service
- Handles authentication flow to your IdP as needed - Handles authentication flow to your IdP as needed
- Handles identity verification after initial Authentication - Handles identity verification after initial Authentication
- Establishes user session cookie - Establishes user session cookie
- Stores user OIDC tokens in databroker service - Stores user OIDC tokens in databroker service
- Authorization Service - Authorization Service
- Processes policy to determine permissions for each service - Processes policy to determine permissions for each service
- Handles authorization check for all user sessions - Handles authorization check for all user sessions
- Directs Proxy service to initiate Authentication flow as required - Directs Proxy service to initiate Authentication flow as required
- Provides additional security releated headers for upstream services to consume - Provides additional security related headers for upstream services to consume
- Data Broker Service - Data Broker Service
- Retrieves identity provider related data such as group membership - Retrieves identity provider related data such as group membership
- Stores and refreshes identity provider access and refresh tokens - Stores and refreshes identity provider access and refresh tokens
- Provides streaming authoritative session and identity data to Authorize service - Provides streaming authoritative session and identity data to Authorize service
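Review bot: promoting every heading one level (`## Architecture` to `# Architecture`, `### ...` to `## ...`) makes "Architecture" the page's first H1, which the docs site will use as the page title and sidebar entry given `sidebarDepth: 0`; the frontmatter lines above this hunk are not visible here, so confirm no `title` key already exists that would now be duplicated. The other two changes in this hunk are fine: collapsing the folded scalar `content: >-` / `pomerium architecture` into `content: pomerium architecture` yields the same YAML value, and `releated` to `related` corrects the typo.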
@ -47,10 +53,10 @@ In test deployments, all four components may run from a single binary and config
![pomerium architecture diagram](./img/pomerium-container-context.svg) ![pomerium architecture diagram](./img/pomerium-container-context.svg)
### Authentication Flow ## Authentication Flow
Pomerium's internal and external component interactions during full authentication from a fresh user are diagramed below. Pomerium's internal and external component interactions during full authentication from a fresh user are diagramed below.
After initial authentication to provide a session token, only the authorization check interactions occur. After initial authentication to provide a session token, only the authorization check interactions occur.
[![pomerium architecture diagram](./img/pomerium-auth-flow.svg)](/pomerium-auth-flow.svg) ![pomerium architecture diagram](./img/pomerium-auth-flow.svg)]
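Review bot: the replacement line still carries a stray trailing `]` left over from the removed link wrapper: `![pomerium architecture diagram](./img/pomerium-auth-flow.svg)]`. It should end at the closing parenthesis, otherwise a literal bracket renders after the image. While in this hunk, the unchanged context line above it spells "diagramed"; "diagrammed" is the usual form and would fit the "typo" bullet in the commit message.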