This graphic depicts how an HTTP client accesses OC4J using Single-Sign On and JAAS. The HTTP request is verified with the SSO. The username and password is verified against the users and roles defined within the JAAS Provider.