Sun Java System Access Manager 7 2005Q4 Technical Overview

Initial HTTP Request

A user initiates a user session by using a browser to log in to a web—based application.

Figure 2–1 Initial HTTP Request

Details are explained in the following body text.

The following events occur:

  1. The user’s browser sends an HTTP request to the protected resource.

  2. The policy agent inspects the user’s request, and no session token is found.

  3. The policy agent contacts the configured authentication URL.

    In this example, the authentication URL it is set to the URL of the Distributed Authentication User Interface Service.

  4. The browser sends a GET request to the Distributed Authentication User Interface.

  5. The Session Service creates a new session, or data structure, and generates a session token. The session token is a randomly-generated string that represents the user.

  6. Authentication Service sets the session data structure in a cookie.

The next part of the user session is User Authentication.