Integrating Access Manager with Oracle SSO
The following steps discuss the integration of Oracle Access Manager with Oracle Application Server.
(This is not applicable to a standalone oc4j.).
1. User accesses OAM protected application deployed on Oracle Application Server and webgate intercepts that request.
2. Webgate checks with the Access Server if the resource is protected.
3. When the resource is protected, Webgate prompts for the username and password (depends on authentication scheme selected for the resource in Policy Manager).
4. The credentials are validated by the Access Server against the LDAP server.
5. When authentication is successful, OAM cookie ObSSOCookie is set in the browser.
6. Upon successful authentication, Access System determines if the user is authorized to access the resource.
6. Upon successful authorization, Access system executes actions and sets HTTP Header variables that maps to the Oracle AS userid.
7. mod_osso (part of OSSO) intercepts the request and redirects to the Oracle SSO for authentication.
8. SSOOblixAuth.class is registered with OSSO and retrieives userid set in the HeaderVar by the OAM as part of Authz actions execution.
9. OSSO Cookie is set and user is redirected back to the requested URL.
10. Hence for any sub-sequent requests it uses ObSSOCookie as reference.
Note: The Header Variable name should be set as HTTP_REMOTE_USER.
About the Author Mahendra
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com