src/main/asciidoc/reference-guide/architecture/architecture.adoc - syncope - Git at Google

 //
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 //

 == Architecture

 Apache Syncope is made of several components, which are logically summarized in the picture below.

 [.text-center]
 image::architecture.png[title="Architecture",alt="Architecture"]

 === Keymaster

 The *_Keymaster_* allows for dynamic service discovery so that other components are able to find each other. +
 On startup, all other component instances will register themselves into Keymaster so that their references
 can be found later, for intra-component communication.

 In addition, the Keymaster is also used as key / value store for <<configuration-parameters, configuration parameters>>
 and as a directory for defined <<domains,domains>>.

 Two different implementations are provided, following the actual needs:

 . as an additional set of RESTful services exposed by the Core, for traditional deployments
 (also known as _Self Keymaster_);
 . as a separate container / pod based on https://zookeeper.apache.org/[Apache Zookeeper^], for microservice-oriented
 deployments.

 include::core.adoc[]

 === Web Access

 The *_Web Access_* component is based on https://apereo.github.io/cas/[Apereo CAS^].

 In addition to all the configuration options and features from Apereo CAS, the Web Access is integrated with Keymaster,
 Core and Admin UI to offer centralized configuration and management.

 === Secure Remote Access

 The *_Secure Remote Access_* component is built on https://spring.io/projects/spring-cloud-gateway[Spring Cloud Gateway^].

 In addition to all the configuration options and features from Spring Cloud Gateway, the Secure Remote Access is
 integrated with Keymaster, Core and Admin UI to offer centralized configuration and management.

 The Secure Remote Access allows to protect legacy applications by integrating with the Web Access or other third-party
 Access Managers implementing standard protocols as OpenID Connect or SAML.

 [[admin-console-component]]
 === Admin UI

 The *_Admin UI_* is the web-based console for configuring and administering running deployments, with full support
 for delegated administration.

 The communication between Admin UI and Core is exclusively REST-based.

 More details are available in the dedicated <<admin-console,usage>> section.

 [[enduser-component]]
 === End-user UI

 The *_End-user UI_* is the web-based application for self-registration, self-service and <<password-reset,password reset>>.

 The communication between End-user UI and Core is exclusively REST-based.

 More details are available in the dedicated <<enduser-application,usage>> section.

 === Third Party Applications

 Third-party applications are provided full access to IdM services by leveraging the REST interface, either via the
 Java <<client-library,Client Library>> (the basis of Admin UI and End-user UI) or plain HTTP calls.
	//
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	//

	== Architecture

	Apache Syncope is made of several components, which are logically summarized in the picture below.

	[.text-center]
	image::architecture.png[title="Architecture",alt="Architecture"]

	=== Keymaster

	The _Keymaster_ allows for dynamic service discovery so that other components are able to find each other. +
	On startup, all other component instances will register themselves into Keymaster so that their references
	can be found later, for intra-component communication.

	In addition, the Keymaster is also used as key / value store for <<configuration-parameters, configuration parameters>>
	and as a directory for defined <<domains,domains>>.

	Two different implementations are provided, following the actual needs:

	. as an additional set of RESTful services exposed by the Core, for traditional deployments
	(also known as _Self Keymaster_);
	. as a separate container / pod based on https://zookeeper.apache.org/[Apache Zookeeper^], for microservice-oriented
	deployments.

	include::core.adoc[]

	=== Web Access

	The _Web Access_ component is based on https://apereo.github.io/cas/[Apereo CAS^].

	In addition to all the configuration options and features from Apereo CAS, the Web Access is integrated with Keymaster,
	Core and Admin UI to offer centralized configuration and management.

	=== Secure Remote Access

	The _Secure Remote Access_ component is built on https://spring.io/projects/spring-cloud-gateway[Spring Cloud Gateway^].

	In addition to all the configuration options and features from Spring Cloud Gateway, the Secure Remote Access is
	integrated with Keymaster, Core and Admin UI to offer centralized configuration and management.

	The Secure Remote Access allows to protect legacy applications by integrating with the Web Access or other third-party
	Access Managers implementing standard protocols as OpenID Connect or SAML.

	[[admin-console-component]]
	=== Admin UI

	The _Admin UI_ is the web-based console for configuring and administering running deployments, with full support
	for delegated administration.

	The communication between Admin UI and Core is exclusively REST-based.

	More details are available in the dedicated <<admin-console,usage>> section.

	[[enduser-component]]
	=== End-user UI

	The _End-user UI_ is the web-based application for self-registration, self-service and <<password-reset,password reset>>.

	The communication between End-user UI and Core is exclusively REST-based.

	More details are available in the dedicated <<enduser-application,usage>> section.

	=== Third Party Applications

	Third-party applications are provided full access to IdM services by leveraging the REST interface, either via the
	Java <<client-library,Client Library>> (the basis of Admin UI and End-user UI) or plain HTTP calls.