This chapter outlines the most common authentication method, interactive authentication. It is called interactive because Moria2 requires the user to type his or her credentials into a web page provided by Moria2. This, of course, limits its use to web services.
These are the basic steps of an interactive authentication:
1. The user attempts to access protected content provided by a Moria2-enabled web service.
2. The service contacts Moria2 and requests an authentication session. Usually the service asks for a number of user attributes. The service must also provide a URL back to itself; Moria2 will redirect the user to this URL once the user has completed the login web page.
   Method used by service: initiateAuthentication (JavaDoc, SOAP Example, Java/Axis Example)
3. Moria2 checks the request against the stored service profile. If the request is valid, a URL to the login page is returned to the service.
4. The service redirects the user to the URL returned by Moria2 in step 3. Note that if the service delays longer than the Moria2-configured timeout, the authentication session is lost and the service has to start again from step 2.
5. The user types his or her credentials (user name, password and organization) into the Moria2 login page.
6. If the credentials are valid, the user is redirected back to the URL given by the service in step 2. This URL now carries a session key.
7. When the user arrives back at the URL given in step 2, the service knows that the user has completed the Moria2 login page. The redirect by itself is not proof of authentication, since anyone can request that URL; what the service relies on is the session key it carries, which is validated in the next step.
8. The service extracts the session key (see step 6) from the URL. Using this session key, the service contacts Moria2 and requests the actual values of the user attributes it asked for in step 2. Note that this session key can be used only once, so the service should make exactly one such call per login and treat a failed call as a failed authentication.
   Method used by service: getUserAttributes (JavaDoc, SOAP Example, Java/Axis Example)
9. Moria2 returns the requested attribute values.
10. The service now has the information it needs to decide whether or not to authorize the user to access the protected content.
The service only needs to perform two SOAP calls and one HTTP redirect to accomplish this.
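The whole exchange, modelled end to end as an added example (this is not Moria2's code or its SOAP API; the two method names mirror the SOAP methods named above, but their argument lists, the login URL shape, the moriaID query parameter, the timeout value, the service profile fields and all sample users and services are assumptions made for the demonstration). It shows both sides: the Moria2 side validating the request against the service profile, expiring a session the service was slow to redirect to, issuing a one-time session key on successful login and refusing its reuse; and the service side treating the redirect as worthless until getUserAttributes succeeds with the key it carried.

```python
"""Model of the Moria2 interactive authentication flow (added illustration,
not Moria2's own code). Method names follow the page; everything else,
including the 'moriaID' parameter, timeout and sample data, is assumed."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlparse

SESSION_TIMEOUT = 120.0  # seconds; assumed, the real value is Moria2-configured


class MoriaError(Exception):
    """Raised where the real service would return a SOAP fault."""


@dataclass
class ServiceProfile:
    service_id: str
    allowed_attributes: frozenset
    return_url_prefix: str  # return URLs must start with this (assumed rule)


@dataclass
class AuthSession:
    service_id: str
    attributes: list
    return_url: str
    created: float
    user: Optional[dict] = None        # filled in once credentials check out
    session_key: Optional[str] = None  # one-time key carried in the redirect


class Moria2Model:
    """Moria2 side: the two SOAP-style calls plus the login page."""

    def __init__(self, profiles, users, clock: Callable[[], float] = time.time):
        self.profiles = {p.service_id: p for p in profiles}
        self.users = users        # (username, org) -> {"password", "attrs"}
        self.clock = clock
        self.pending = {}         # login key   -> AuthSession (steps 3-5)
        self.authenticated = {}   # session key -> AuthSession (steps 6-8)

    def initiateAuthentication(self, service_id, attributes, return_url):
        """Steps 2/3: check the request against the profile, return a login URL."""
        profile = self.profiles.get(service_id)
        if profile is None:
            raise MoriaError("unknown service")
        if not set(attributes) <= profile.allowed_attributes:
            raise MoriaError("attribute not permitted by service profile")
        if not return_url.startswith(profile.return_url_prefix):
            raise MoriaError("return URL not permitted by service profile")
        login_key = secrets.token_urlsafe(24)
        self.pending[login_key] = AuthSession(service_id, list(attributes), return_url, self.clock())
        return "https://moria.example.org/login?" + urlencode({"id": login_key})

    def login(self, login_url, username, password, org):
        """Steps 5/6: the user's submission on the login page; returns the redirect URL."""
        login_key = parse_qs(urlparse(login_url).query).get("id", [""])[0]
        sess = self.pending.pop(login_key, None)
        if sess is None:
            raise MoriaError("no such authentication session")
        if self.clock() - sess.created > SESSION_TIMEOUT:
            raise MoriaError("session timed out; service must restart at step 2")
        user = self.users.get((username, org))
        if user is None or not secrets.compare_digest(user["password"], password):
            self.pending[login_key] = sess  # keep the session so the user can retry
            raise MoriaError("invalid credentials")
        sess.user = user
        sess.session_key = secrets.token_urlsafe(24)
        self.authenticated[sess.session_key] = sess
        sep = "&" if "?" in sess.return_url else "?"
        return sess.return_url + sep + urlencode({"moriaID": sess.session_key})

    def getUserAttributes(self, service_id, session_key):
        """Steps 8/9: redeem the one-time session key for the attribute values."""
        sess = self.authenticated.pop(session_key, None)  # pop: a second call fails
        if sess is None or sess.service_id != service_id:
            raise MoriaError("invalid or already used session key")
        return {a: sess.user["attrs"].get(a) for a in sess.attributes}


class ServiceModel:
    """Web service side: one SOAP call, one redirect out, one SOAP call on return."""

    def __init__(self, moria, service_id, return_url, wanted):
        self.moria, self.service_id, self.return_url, self.wanted = moria, service_id, return_url, wanted

    def start(self):
        """Steps 2/4: returns the login URL the browser is redirected to."""
        return self.moria.initiateAuthentication(self.service_id, self.wanted, self.return_url)

    def on_return(self, url):
        """Steps 7/8: the redirect proves nothing by itself; only a successful
        getUserAttributes with the fresh key does. Returns attributes or None."""
        key = parse_qs(urlparse(url).query).get("moriaID", [""])[0]
        if not key:
            return None
        try:
            return self.moria.getUserAttributes(self.service_id, key)
        except MoriaError:
            return None


# Constructed sample data for the demo (not real services or users).
SAMPLE_PROFILES = [ServiceProfile("lms.example.org", frozenset({"eduPersonAffiliation", "mail"}), "https://lms.example.org/")]
SAMPLE_USERS = {("kari", "uio.no"): {"password": "correct horse", "attrs": {"eduPersonAffiliation": ["staff"], "mail": "kari@uio.no"}}}


def run_flow(clock=time.time, password="correct horse"):
    """Drive one complete login; returns the attributes the service obtained, or None."""
    moria = Moria2Model(SAMPLE_PROFILES, SAMPLE_USERS, clock)
    service = ServiceModel(moria, "lms.example.org", "https://lms.example.org/return", ["eduPersonAffiliation"])
    login_url = service.start()                                       # SOAP call 1, then redirect
    try:
        back_url = moria.login(login_url, "kari", password, "uio.no")  # user on the login page
    except MoriaError:
        return None
    return service.on_return(back_url)                                # SOAP call 2
```

Two design points carry over to a real deployment: the key is consumed by `pop`, so a replayed return URL (a bookmarked or leaked redirect) yields nothing, and the service never reads identity out of the URL itself; it only trusts what getUserAttributes returns.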