update

.github/workflows/automatic_image_genration.yml

@@ -52,8 +52,8 @@ jobs:
           echo "Processing PlantUML file: $file"
           output_dir=$(dirname "$file" | sed 's|^src/plantuml|images|')
           mkdir -p "$output_dir"
-          java -jar /usr/local/bin/plantuml.jar -tpng "$file" -o "$output_dir"
-          java -jar /usr/local/bin/plantuml.jar -tsvg "$file" -o "$output_dir"
+          java -jar /usr/local/bin/plantuml.jar -tpng "$file" -o "${PWD}/$output_dir"
+          java -jar /usr/local/bin/plantuml.jar -tsvg "$file" -o "${PWD}/$output_dir"
         done
 
     - name: Generate images from changed draw.io files
@@ -63,8 +63,8 @@ jobs:
           echo "Processing draw.io file: $file"
           output_dir=$(dirname "$file" | sed 's|^src/draw.io|images|')
           mkdir -p "$output_dir"
-          xvfb-run -a drawio -x -f png -o "$output_dir/$(basename "$file" .drawio).png" "$file"
-          xvfb-run -a drawio -x -f jpg -o "$output_dir/$(basename "$file" .drawio).jpg" "$file"
+          xvfb-run -a drawio -x -f png -o "${PWD}/$output_dir/$(basename "$file" .drawio).png" "$file"
+          xvfb-run -a drawio -x -f jpg -o "${PWD}/$output_dir/$(basename "$file" .drawio).jpg" "$file"
         done
 
     - name: Debug images folder

.gitignore

@@ -3,4 +3,5 @@
 *.tar.gz
 *.pyc
 __pycache__/
-var/
+var/
+console

components/fastapi-pip-pap/README.adoc

@@ -18,11 +18,11 @@ poetry install
 poetry shell
 ----
 
-The files to start the service in the `/components/fastapi-pip-pap` directory of the project.
+The files to start the service are in the `/components/fastapi-pip-pap` directory of the project.
 You need to `create bundle.tar.gz` files and place them in the `<config.yaml bundle_storage_path>/<application>/<version>/<bundleType>` directory.
 Example: `/var/tmp/fastapi-pip-pap/KIM/2.0/pap/bundle.tar.gz`
 
-The following command starts pip-pap-service on localhost:8200.
+The following command starts pip-pap-service on localhost:8080.
 [source,sh]
 ----
 python fastapi-pip-pap.py

src/plantuml/sm-b-auth.puml

@@ -16,6 +16,7 @@ end box
 box "Betreiber" #TECHNOLOGY
     box "ZT Cluster" #SandyBrown
         participant AuthS as "PEP\nAuthorization Server" 
+        participant HP as "http Proxy"
         participant PDP as "PDP"
     endbox
     box TI 2.0 Dienst #DarkSeaGreen
@@ -25,20 +26,22 @@ end box
 
 activate Client
 
+
 alt #White
-    activate AuthS
-    Client -> AuthS: GET /fd_ressource
-    AuthS --> Client: 401 Unauthorized; json body with Well-Known json Document
+    Client -> HP: GET /fd_ressource
+    activate HP
+    HP --> Client: 401 Unauthorized; json body with Well-Known json Document
 else 
     group Service Discovery for PEP/Authorization Server FQDN
     end
     Client -> AuthS: GET /.well-known/oauth-authorization-server 
+    activate AuthS
     AuthS --> Client: 200 OK; json body with Well-Known json Document
 end
 
 Client -> Client: generate DPoP keypair
 Client -> AuthS: GET /nonce
-return 200 OK new-nonce: nonce
+AuthS --> Client: return 200 OK new-nonce: nonce
 Client -> Client: create JWT with\n  nonce\n  Client and OS Information\n  DPoP Thumbprint
 Client -> Konnektor: externalAuthenticate JWT-hash
 activate Konnektor
@@ -70,11 +73,15 @@ AuthS -> Client: 200 OK, access token, refresh token, bound to DPoP
 deactivate AuthS
 Client -> Client: Create DPoP Proof for RS
 
-Client -> RS: Access resource (access token, DPoP)
+Client -> HP: Access resource (access token, DPoP)
+HP -> HP: verify access token and\nDPoP Binding
+HP -> RS: forward
 activate RS
-RS -> RS: verify access token and\nDPoP Binding\n\
-provide resource access
-RS -> Client: resource
+RS -> RS: provide resource access
+RS -> HP: resource
+deactivate RS
+HP -> Client: resource
+deactivate HP
 deactivate RS
 deactivate Client