Description of the illustration idcs_employee_dashboard_pattern_description

The image illustrates the design pattern used in the Employee Dashboard sample application. It includes a detailed flow that explains how Oracle Identity Cloud Service and WebLogic Server can be integrated to secure the application.

The main diagram has three major visual components:

  1. A pictograph of an end user

  2. A box labeled Custom Java App that contains a module called Employee Dashboard, written in Java

  3. A box labeled Oracle PaaS that contains the Oracle Identity Cloud Service

Note that Employee Dashboard is marked with an asterisk with a footnote that says: Can be hosted anywhere.

The detailed flow is presented as a three-step process that moves through the three major visual components, as follows:

  1. An administrator sets up a federation trust between two partners: a SAML Service Provider – the Java Application Server where Employee Dashboard (edashboard) is deployed – and a SAML Identity Provider, played by Oracle Identity Cloud Service.

  2. At runtime, the end user accesses edashboard. The Java Application Server verifies that federated authentication is required and redirects the user to Oracle Identity Cloud Service together with a SAML request.

  3. Oracle Identity Cloud Service receives the SAML request and, after validating user access, processes the request and redirects the user back to edashboard with an encrypted SAML response. The application server decrypts the response, maps the user ID to its identity store, establishes the session, and returns the protected page to the user. For all subsequent requests, the application server handles authorization using the identity store information.
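The three-step flow above, as an added example that is not part of the original Oracle sample or of WebLogic: a Python simulation of the SP-initiated exchange, showing the checks the service provider should make on the SAML response before it establishes a session (issuer, audience, recipient, validity window, InResponseTo binding, replay of an assertion ID, and lookup in the identity store). The entity IDs, identity store and messages are constructed; signature verification and decryption of the response, which the application server's SAML library performs, are left out so the binding checks stand out.

```python
"""Simulation of the SP-initiated SAML flow from the diagram (constructed values)."""
import secrets

IDCS_ENTITY_ID = "https://idcs.example.com/fed"             # assumed IdP entity ID
EDASHBOARD_ENTITY_ID = "https://edashboard.example.com/sp"  # assumed SP entity ID
ACS_URL = EDASHBOARD_ENTITY_ID + "/acs"                     # assertion consumer URL

# Step 1: federation trust configured by the administrator on both partners.
SP_TRUST = {"idp_issuer": IDCS_ENTITY_ID}
IDP_TRUST = {"sp_issuer": EDASHBOARD_ENTITY_ID, "acs_url": ACS_URL}
IDENTITY_STORE = {"jdoe": {"roles": ["employee"]}}  # constructed SP identity store

pending_requests = {}    # SP side: request ID -> expiry (epoch seconds)
seen_assertions = set()  # SP side: assertion IDs already consumed (replay guard)


def build_authn_request(now):
    """Step 2: the SP issues a SAML request and remembers its ID for 5 minutes."""
    req = {"id": "_" + secrets.token_hex(16), "issuer": EDASHBOARD_ENTITY_ID,
           "acs": ACS_URL, "issued": now}
    pending_requests[req["id"]] = now + 300
    return req


def idp_handle_request(req, username, now):
    """Step 3, IdP side: answer only known SPs, binding the assertion to the request."""
    if req["issuer"] != IDP_TRUST["sp_issuer"] or req["acs"] != IDP_TRUST["acs_url"]:
        raise ValueError("unknown service provider")
    return {"id": "_" + secrets.token_hex(16), "issuer": IDCS_ENTITY_ID,
            "in_response_to": req["id"], "audience": EDASHBOARD_ENTITY_ID,
            "recipient": ACS_URL, "name_id": username,
            "not_before": now - 60, "not_on_or_after": now + 300}


def sp_consume_response(resp, now):
    """Step 3, SP side: validate the (already decrypted) response, then build a session."""
    checks = [
        resp["issuer"] == SP_TRUST["idp_issuer"],          # came from the trusted IdP
        resp["audience"] == EDASHBOARD_ENTITY_ID,          # meant for this SP
        resp["recipient"] == ACS_URL,                      # delivered to the right endpoint
        resp["not_before"] <= now < resp["not_on_or_after"],
        pending_requests.get(resp["in_response_to"], 0) > now,  # answers a live request
        resp["id"] not in seen_assertions,                 # not replayed
    ]
    if not all(checks):
        return None
    pending_requests.pop(resp["in_response_to"])  # one response per request
    seen_assertions.add(resp["id"])
    user = IDENTITY_STORE.get(resp["name_id"])    # map user ID to the identity store
    return None if user is None else {"user": resp["name_id"], "roles": user["roles"]}
```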