Changes
/* Architecture and flow (OIDC) */
## The content web service checks whether the {{UBIK}} session is valid.
## The content web service processes the app's request, including an interaction with a 3rd party service. For authorization, it sends along the SSO token the app provided before.
The above diagram explains the authorization code flow using OIDC, applied to {{UBIK}}. For SAML, the only real difference is the reception of the IdP's response at the app, which happens via a mediator server in that case, necessarily (the SAML protocol does not support redirecting the result to a mobile app).
[[Category:SSO|Single Sign-On]]
= See also =
* [[HowTo:Integrate_UBIK_in_an_SSO_Environment|How to integrate {{UBIK}} in an SSO environment]]
[[Category:SSO|Single Sign-On]]