Overall Architecture

PlugSSO flow

Plug-Front is the frontend component normally running on the same box as reverse proxy e.g. nginx. Reverse proxy validates all traffic through Plug-Front. Plug-Front communicates with backend component Plug-Back for authentication and authorization. Plug-Back includes the PlugSSO configuration fully synchronized among all nodes.

Frontend and backend can be scaled. Plug-Front have one of the backends as elected and automatic failover to the next. Plug-Back is responsible for this election process giving load balancing of backend servers.

User Authentication Flow

PlugSSO flow authentication flow