Oracle Virtual Directory provides an abstraction layer that enables external directories to connect to OpenSSO STS. When OpenSSO STS receives a WS-Trust request with a UserName token (or UserName On-Behalf-Of token) as either an inbound or outbound token, OpenSSO STS validates the user, though Oracle Virtual Directory, against one of the connected directories. The following figure illustrates a typical topology using Oracle Virtual Directory and two LDAP directories.