Sun Java System Access Manager 7.1 Technical Overview

Initial HTTP Request

When a user initiates a user session by using a browser to log in to a web-based application, the events in the following illustration occur. The accompanying text describes the process.

Figure 2–1 Initial HTTP Request


  1. The user’s browser sends an HTTP request to the protected resource.

  2. The policy agent inspects the user’s request and finds no session token.

  3. The policy agent contacts the configured authentication URL.

    In this example, the authentication URL is set to the URL of the Distributed Authentication User Interface Service.

  4. The browser sends a GET request to the Distributed Authentication User Interface.

  5. The Session Service creates a new session (session data structure) and generates a session token. The session token is a randomly generated string that represents the user.

  6. The Authentication Service sets the session token in a cookie.
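The six steps above, traced as an added example that is not Access Manager code: a stand-in policy agent redirects a cookieless request, and a stand-in Session Service issues an unpredictable token for a session that is not yet authenticated. The cookie name, the URLs, the `goto` parameter, the 32-byte token length and the `Secure`/`HttpOnly` attributes are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode

# All names below are assumptions for illustration, not product values.
COOKIE_NAME = "SessionToken"                 # hypothetical cookie name
AUTH_URL = "https://auth.example.com/login"  # hypothetical authentication UI URL
SESSIONS = {}                                # Session Service store: token -> session data


def agent_check(request):
    """Steps 2-3: the policy agent looks for a session token in the request."""
    if COOKIE_NAME in request["cookies"]:
        return None  # token present: validating it is outside this example
    # "goto" is an assumed parameter name carrying the originally requested URL.
    location = AUTH_URL + "?" + urlencode({"goto": request["url"]})
    return {"status": 302, "headers": {"Location": location}}


def create_session():
    """Step 5: new session data structure plus a random session token."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # The session exists before login, so it starts out unauthenticated.
    SESSIONS[token] = {"authenticated": False, "user": None}
    return token


def auth_ui_get(request):
    """Steps 4-6: the authentication UI answers the GET and sets the cookie."""
    token = create_session()
    # Secure and HttpOnly are hardening choices added in this example.
    cookie = f"{COOKIE_NAME}={token}; Path=/; Secure; HttpOnly"
    return {"status": 200, "headers": {"Set-Cookie": cookie}}


def initial_request(url):
    """Drive steps 1-6 for a browser that holds no cookies yet."""
    redirect = agent_check({"url": url, "cookies": {}})
    login_url = redirect["headers"]["Location"]
    login = auth_ui_get({"url": login_url, "cookies": {}})
    token = login["headers"]["Set-Cookie"].split(";")[0].split("=", 1)[1]
    return redirect, login, token


if __name__ == "__main__":
    redirect, login, token = initial_request("https://app.example.com/payroll")
    print(redirect["status"], redirect["headers"]["Location"])
    print(login["headers"]["Set-Cookie"])
    print(SESSIONS[token])
```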

The next part of the user session is User Authentication.