In this topology, Oracle WebGate is installed on the Oracle HTTP Server. The HTTP Server must be configured in proxy mode for OpenSSO STS, and OpenSSO STS must be deployed on a supported web container.

When an administrator attempts to access OpenSSO STS, Oracle WebGate intercepts the request. Then Oracle Access Manager presents a login page. The administrator presents credentials, which are then authenticated to Oracle Access Manager. Once the administrator has been authenticated, the access request is redirected to the browser, and then to OpenSSO STS. OpenSSO STS is configured with the Oracle Access Manager authentication module, enabling Oracle Access Module to validate the administrator based on a list of allowed users. If the administrator is on the list of allowed users, then the administrator can access the OpenSSO STS console without having to present credentials.