Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Understanding Typical Business Use Cases

A company uses the following services and federation protocols to manage employee benefits:

The company itself acts as an Identity Provider, managing employee information in its corporate user database. The Identity Provider enables employees to access any of the three Service Providers through an employee portal. The Health Care Service Provider uses the SAMLv2 federation protocol. The Retirement Plan Service Provider uses ID-FF1, and the Stock Plan Service Provider uses WS-Federation. The Identity Provider is configured as a Multi-Federation Protocol Hub and provides single sign-on and single logout across all these services.

The following figure illustrates a typical Multi-Federation Protocol Hub process flow.

Figure 8–2 Process Flow for Single Sign-On Using a Multi-Federation Protocol Hub

The following figure illustrates the process flow for Single Logout using the Multi-Federation Protocol Hub.

Figure 8–3 Process Flow for Single Logout Using the Multi-Federation Protocol Hub
