This sequence diagram above describes the flow of the user's experience during self-registration.
- User Browses to protected URL.
- Mod_Auth_PubTkt checks for mod_auth_pubtkt cookie. Not detected/invalid.
- User's browser is redirected Browser to GridGuard Server.
- User is prompted to enter their username.
- GridGuard lookups up username on the external user store to see if user exists and is authorized with a service account.
- Returns valid LDAP User data
- User displayed a Grid and asked to enter a GridCode and there network password.
- User enters their GridCode and Network password and submits the form.
- GridGuard attempts to authenticate the GridCode and network password.
- GridGuard binds with network password.
- Returns successful bind if the network password is correct.
- GridGuard binds with GridCode.
- Returns successful if GridCode is correct.
- Sets mod_auth_pubtkt cookie if authentication correct and cookie signed with private key.
- Displays page to redirect the user's browser to the originally requested protected URL.
- Browser requests protected URL.
- The Apache Web server verifies mod_auth_pubtkt cookie signature.
- Allows access to protected content if signature is correct.