Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Federated Single Sign-On Use Cases

The SAML, ID-FF, and WS-Federation protocols provide cross-domain single sign-on among multiple trusted business entities. These protocols are also used in Identity Federation. Identity Federation involves an Identity Provider, also known as an authentication provider, and a Service Provider, which consumes the user authentication session held at the Identity Provider. The following are common use cases in which Oracle Access Manager is enabled for federation protocols:

Using OpenSSO Enterprise to Enable Oracle Federation in an Identity Provider Environment

In this example, Oracle Access Manager is the authentication provider in an Identity Provider environment and protects some of the intranet applications. In this deployment, OpenSSO Enterprise resolves the single sign-on issues among enterprise applications in partner environments, while Oracle Access Manager provides authentication.

Figure 14–3 Oracle Access Manager Federation in an Identity Provider Environment

The following two figures illustrate the process flow among components in the Identity Provider environment and Service Provider environment.

Figure 14–4 Process flow for Oracle Access Manager Federation in an Identity Provider Environment

Figure 14–5 Process flow for Oracle Access Manager Federation in an Identity Provider Environment (continued)

Using OpenSSO Enterprise to Enable Oracle Federation in a Service Provider Environment

In this deployment, Oracle Access Manager is installed and configured in the Service Provider environment to protect legacy applications.

Figure 14–6 Oracle Access Manager Federation in a Service Provider Environment

Figure components: OpenSSO Enterprise spAdapter plug-in, custom authentication module, and Oracle Access Manager custom authentication scheme.

The following two figures illustrate the process flow among components in the Identity Provider environment and Service Provider environment.

Figure 14–7 Process Flow for Oracle Access Manager Federation in a Service Provider Environment

Figure 14–8 Process Flow for Oracle Access Manager Federation in a Service Provider Environment (continued)
