18 create OIDC connection between a configured authentik and 2 applications

README.md

@@ -1,6 +1,47 @@
-# 🎭 os2ID
-### Identity management based on open standards
+# 🪪 os2ID
+## Identity management based on open standards
 
+A modern identity and access management project, built for the cloud that provides Single Sign-On across OS2 delivered web-services.
+
+### 🔀 Dataflow
+
+```mermaid
+
+graph TD
+
+subgraph OS2
+    OS2ID[["⚙️ OSID"]]-.-|"🆔"|Users["🛢 User cache"]
+    OS2ID[["⚙️ OSID"]]-.-|"🏷️"|Roles["🏷️ Roles"]
+    Applikation1([OS2-Kommunikation])
+    Applikation2([OS2-Fildeling])
+end
+
+subgraph KK[Korsbæk Kommune]
+UserStore[("Users")]
+User
+end
+
+subgraph KOMBIT
+fkadg[[" ⚙️Fælleskommunal Adgangsstyring"]]
+end
+
+KOMBIT-->|"🆔+🏷️ SAML"|OS2ID
+
+User("user👩🏻‍💻")-->|"🆔 Single Sign On"|OS2ID-->|" 🎟️ Token"|Applikation2 & Applikation1
+UserStore-.-|"🆔+🏷️"|fkadg
+
+```
+
+## 📚 Documentation
+
+#### 🗂️ Project description:
+  [🇬🇧 in english](/docs/project_description.md#-os2id---identity-and-accessmanagent)
+
+  [🇩🇰 in danish](/docs/project_description.md#-os2id---identitets--og-adgangsstyring)
+
+  [🧩 High level architecture](/docs/High_Level_Architecture.md)
+
+---
 🎁 [How to contribute](CONTRIBUTING.md)
 
 ⚖️ [CODE OF CONDUCT (in danish for now)](https://github.com/OS2offdig/about/blob/main/CODE_OF_CONDUCT.md)

docs/Dataflow_component_architecture.md

@@ -0,0 +1,22 @@
+## Dataflow and component archihtecture
+
+```mermaid
+graph TD
+
+subgraph OS2ID["⚙️ OS2ID"]
+Roles[(Roles)]
+IDs[(IDs)]
+end
+
+subgraph KK[Korsbæk Kommune]
+UserStore[(UserDB)]---Sync[[Synclayer]]
+end
+
+subgraph KOMBIT
+fkadg[" ⚙️Fælleskommunal Adgangsstyring"]
+end
+
+KK-->|"🆔"|KOMBIT-->|"🆔 Identities/Metadata - SAML"|OS2ID-->|"🆔OIDC - JWT"|Applikation
+
+user("user👩🏻‍💻")-->|"🆔Login"|Applikation
+```

docs/High_Level_Architecture.md

@@ -0,0 +1,36 @@
+# High level architecture
+
+### This diagram provides a clear view of how applications interact with the OS2ID service and how the OS2ID service communicates with the Identity Providers either directly og through Middleware components that handles legacy IDPs.
+
+```mermaid
+graph LR
+
+subgraph B[OS2ID]
+    B1[(ids)]---|"⚙"|E[User\nManagement]
+end
+    A1[Application 1] -->|Token| B
+    A2[Application 2] -->|Token| B
+    A3[Application 3] -->|Token| B
+    A4[Application 4] -->|Token| B
+    A5[Application 5] -->|Token| B
+    B -->|API| D[Middleware]
+    B -->|API| C1[Identiteter]
+    B -->|API| C2[Identiteter]
+    D -->|Legacy API|C3[Identiteter \n Legacy IDP]
+    U["👤Admin"] -->|Web| B
+```
+
+
+---
+
+### Used terms: 
+
+*IDP:* [Identity provider](https://en.wikipedia.org/wiki/Identity_provider)
+
+*API*: [Application Programming Interface](https://en.wikipedia.org/wiki/API#1960s_and_1970s)
+
+*Token*: [Non-sensitive access method](https://en.wikipedia.org/wiki/Tokenization_(data_security))
+
+*Legacy API:* APIs with older standards like [SOAP](https://www.w3.org/TR/soap/)
+
+*Middleware:* [A component that bridges different standards](https://en.wikipedia.org/wiki/Middleware)

docs/project_description.md

@@ -0,0 +1,41 @@
+# 🪪 OS2ID - Identitets- og Adgangsstyring
+🇬🇧 [Read in english](#-os2id---identity-and-accessmanagent)
+
+### Formål
+OS2ID-projektet er et moderne identitets- og adgangsstyringsprojekt, bygget til skyen. Det er startet af OS2 Fællesskabet i samarbejde med leverandøren Semaphor. Projektets primære formål er at levere Single Sign-On (SSO) på en række OS2-leverede tjenester til vidensdeling og dokumentation.
+
+### Arbejdsproces
+Udviklingen af OS2ID foregår åbent og med fuld transparens. Alle kan få indsigt i projektet, og alle er velkomne til at bidrage. Bidrag følger standard Github-flowet - opret et issue og/eller tilbyd et bidrag via en Pull Request.
+
+### Understøttelse af OS2 fællesskabet
+OS2ID integreres med fælleskommunal adgangsstyring og tilbyder OS2-medlemmer adgang til de tjenester og webapps, som OS2 stiller til rådighed for fællesskabet. Alt dette med Single Sign On via deres kendte myndighedslogin.
+
+### Hvorfor en ny løsning?
+Efter gennemgang af en række eksisterende løsninger indenfor og udenfor OS2-fællesskabet, stod det klart, at der ikke var nogle eksisterende løsninger, der var sammensat som løskoblede og genbrugelige løsninger med lavt vedligehold. Målet var at bidrage til Open Source og genbruge komponenter, der overholdt en løskoblet, bygget til skyen, skalerbar løsningsarkitektur uden at skulle udvikle nyt middleware eller tilføje egne hjemmelavede services med et tungt efterfølgende vedligehold. Der var i arkitekturarbejdet stort fokus på at sammensætte en løsning, der kunne levere SSO via åbne standardteknologier og protokoller.
+Kort sagt, det er en løsning, der er bygget til fremtiden. 
+
+### Potentialer
+Ved at bruge moderne åbne standarder som OAuth2.0, SAML2.0 og OpenID Connect, sikrer vi, at vores løsning er kompatibel med en bred vifte af platforme og teknologier, og SSO kan dermed genbruges i flere OS2-produkter. Med en åben standardbase kan OS2ID tilpasses og udviddes for at imødekomme fællesskabets fremtidige behov og udfordringer.
+Det medfører at løsningen er fleksibel, skalerbar og klar til at tackle fremtidige udfordringer.
+
+
+# 
+
+# 🪪 OS2ID - Identity and accessmanagent
+### Following open standards
+🇩🇰 [Read in danish](#-os2id---identitets--og-adgangsstyring)
+
+### Purpose 
+The OS2ID project is a modern identity and access management project, built for the cloud. It was initiated by the OS2 Community in collaboration with the supplier Semaphor. The primary purpose of the project is to provide Single Sign-On (SSO) across a range of OS2-delivered services for knowledge sharing and documentation.
+
+### Work Process
+The development of OS2ID is open and fully transparent. Everyone can gain insight into the project, and everyone is welcome to contribute. Contributions follow the standard Github flow - create an issue and/or offer a contribution via a Pull Request.
+
+### Support for the OS2 community
+OS2ID integrates with municipal access management and offers OS2 members access to the services and web apps that OS2 makes available to the community. All this with Single Sign On via their known authority login.
+
+### Why a new solution?
+After reviewing a number of existing solutions within and outside the OS2 community, it became clear that there were no existing solutions that were composed as loosely coupled and reusable solutions with low maintenance. The goal was to contribute to Open Source and reuse components that complied with a loosely coupled, cloud-built, scalable solution architecture without having to develop new middleware or add own homemade services with a heavy subsequent maintenance. There was a great focus in the architectural work on assembling a solution that could deliver SSO via open standard technologies and protocols. In short, it is a solution that is built for the future.
+
+### Potentials
+By using modern open standards such as OAuth2.0, SAML2.0 and OpenID Connect, we ensure that our solution is compatible with a wide range of platforms and technologies, and SSO can thus be reused in several OS2 products. With an open standard base, OS2ID can be adapted and expanded to meet the community’s future needs and challenges. This means that the solution is flexible, scalable and ready to tackle future challenges.