The following use cases focus on single sign-on enablement and do not describe authorization options:
Simple single sign-on integration is useful when an Oracle Access Manager instance is already deployed and configured to protect intranet enterprise applications. Additionally, OpenSSO Enterprise is deployed to protect the same intranet applications by honoring the user session obtained by Oracle Access Manager. In the following illustration, both OpenSSO Enterprise and Oracle Access Manager share the same user repository for user profile verification. OpenSSO Enterprise can also be configured to use the Ignore Profile option if it relies on the Oracle Access Manager session for attributes.
The following figure illustrates the architecture in the simple single sign-on use case.
The following figure illustrates the process flow among components in the Identity Provider environment and Service Provider environment.
The SAML, ID-FF, and WS-Federation protocols provide cross-domain single sign-on among multiple trusted business entities. These protocols are also used in Identity Federation. Identity Federation involves an Identity Provider, also known as an authentication provider, and a Service Provider where the user authentication session at the Identity Provider is consumed. The following are common use cases in which Oracle Access Manager is enabled for federation protocols:
Enabling Oracle Access Manager for federation protocols in a Service Provider environment
Enabling Oracle Access Manager for federation protocols in an Identity Provider environment
In this example, Oracle Access Manager is the authentication provider in an Identity Provider environment and protects some of the intranet applications. OpenSSO Enterprise in this deployment resolves the single sign-on issues among enterprise applications in partner environments while Oracle Access Manager provides authentication.
The following two figures illustrate the process flow among components in the Identity Provider environment and Service Provider environment.
In this deployment, Oracle Access Manager is installed and configured in the Service Provider environment to protect legacy applications.
The following two figures illustrate the process flow among components in the Identity Provider environment and Service Provider environment.