The following steps describe the integration of Oracle Access Manager (OAM) with Oracle Application Server.
(This is not applicable to a standalone OC4J.)
1. The user accesses an OAM-protected application deployed on Oracle Application Server, and WebGate intercepts the request.
2. WebGate checks with the Access Server whether the resource is protected.
3. When the resource is protected, WebGate prompts for the username and password (this depends on the authentication scheme selected for the resource in Policy Manager).
4. The Access Server validates the credentials against the LDAP server.
5. When authentication is successful, the OAM cookie ObSSOCookie is set in the browser.
6. Upon successful authentication, the Access System determines whether the user is authorized to access the resource.
7. Upon successful authorization, the Access System executes actions and sets HTTP header variables that map to the Oracle AS userid.
8. mod_osso (part of OSSO) intercepts the request and redirects to Oracle SSO for authentication.
9. SSOOblixAuth.class is registered with OSSO and retrieves the userid set in the HeaderVar by OAM as part of the execution of the authorization actions.
10. The OSSO cookie is set and the user is redirected back to the requested URL.
11. Hence, any subsequent requests use ObSSOCookie as the reference.
Note: The Header Variable name should be set as HTTP_REMOTE_USER.
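
The handoff described in the steps and the note above can be modelled in a few lines. This is an added example, not Oracle code and not part of the original post: the directory entry, policy, URL, session table and function names are constructed, and the cookie values are simplified stand-ins for the real ObSSOCookie and OSSO cookie. It shows that the OSSO side only learns the identity through the header named HTTP_REMOTE_USER, so an authorization action that sets any other header name leaves the user without an OSSO session.

```python
# Toy model of the OAM -> OSSO identity handoff. Constructed example, not Oracle code.
import secrets

LDAP = {"jdoe": "s3cret"}             # constructed directory entry
POLICY = {"/app/report": {"jdoe"}}    # constructed policy: protected URL -> authorized users
SESSIONS = {}                         # ObSSOCookie value -> authenticated user (simplified)
HEADER_VAR = "HTTP_REMOTE_USER"       # header name the OSSO plug-in reads (see the note)


def webgate(url, creds, cookies, header_var=HEADER_VAR):
    """WebGate + Access Server: authenticate, authorize, run the header action.
    Returns (headers, cookies), or None when access is denied."""
    if url not in POLICY:                          # unprotected: no OAM header is set
        return {}, cookies
    user = SESSIONS.get(cookies.get("ObSSOCookie"))
    if user is None:                               # no valid session: check credentials
        name, password = creds or (None, None)
        if name not in LDAP or LDAP[name] != password:
            return None                            # validation against LDAP failed
        user = name
        token = secrets.token_hex(16)              # opaque session reference
        SESSIONS[token] = user
        cookies = {**cookies, "ObSSOCookie": token}
    if user not in POLICY[url]:                    # authorization check
        return None
    return {header_var: user}, cookies             # authorization action sets the header


def osso_plugin(headers, cookies):
    """mod_osso + OSSO plug-in: take the userid from the header, set the OSSO cookie."""
    user = headers.get(HEADER_VAR)
    if not user:                                   # header missing or set under another name
        return None, cookies
    return user, {**cookies, "OSSO": user}


def request(url, creds=None, cookies=None, header_var=HEADER_VAR):
    """One browser request through both layers. Returns (oracle_as_user, cookies)."""
    result = webgate(url, creds, cookies or {}, header_var)
    if result is None:
        return None, cookies or {}
    return osso_plugin(*result)
```
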