Federated Single Sign-On Authentication Process for Interactive User Interfaces
The following image shows the user authentication process in a federated environment for interactive user interfaces. The process uses Oracle Access Manager (identity management solution) and Oracle Webgate (gateway) for illustrative purposes, but you can use any identity management solution and gateway.

The steps in the federated SSO authentication process shown in this image (using Oracle Access Manager and Oracle Webgate for illustrative purposes) are:
1. A non-authenticated user requests a Siebel interactive UI protected by Oracle Webgate.
2. Oracle Webgate intercepts the request and redirects the user to Oracle Access Manager for authentication.
3. The user enters their credentials. Oracle Access Manager determines whether federation SSO should occur and invokes the federation engine to create a SAML AuthN request.
4. Oracle Access Manager redirects the user to the tenant's identity provider (IdP) with the SAML AuthN request.
5. The tenant's IdP processes the SAML AuthN request and authenticates the user if required.
6. The user's IdP creates an assertion containing the user data and session data, and redirects the user with the assertion to Oracle Access Manager.
7. Oracle Access Manager invokes the federation engine to validate the assertion and map it to a local user record. Oracle Access Manager creates a local session for the user, performs authorization policy evaluation, and redirects the user to the protected resource.
8. If the user is authorized by Oracle Access Manager, then Oracle Webgate grants access to the protected resource.
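
The checks a service provider typically applies at the point where the assertion is validated and mapped to a local user record, as an added example that is not Oracle Access Manager code. The entity IDs, the user table and all function names are assumptions, and XML signature verification against the IdP's certificate is assumed to have succeeded before these checks run.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# Constructed values (assumptions, not from the page or any Oracle product).
SP_ENTITY_ID = "https://sp.example.test/oam"
TRUSTED_IDP = "https://idp.tenant.example.test"
LOCAL_USERS = {"jdoe@tenant.example.test": "SIEBEL_JDOE"}

def sample_response(in_response_to, issuer=TRUSTED_IDP, audience=SP_ENTITY_ID,
                    not_after="2030-01-01T00:10:00Z"):
    """Constructed SAML response, reduced to the fields checked below."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 InResponseTo="{in_response_to}"><saml:Assertion>
 <saml:Issuer>{issuer}</saml:Issuer>
 <saml:Subject><saml:NameID>jdoe@tenant.example.test</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="{not_after}">
  <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions></saml:Assertion></samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_and_map(xml_text, pending_request_ids, now):
    """Return the local user id, or raise ValueError naming the failed check."""
    root = ET.fromstring(xml_text)
    # Reject unsolicited or replayed responses: must answer a request we issued.
    req_id = root.get("InResponseTo")
    if req_id not in pending_request_ids:
        raise ValueError("InResponseTo does not match a pending AuthN request")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != TRUSTED_IDP:
        raise ValueError("untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not issued for this service provider")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if name_id not in LOCAL_USERS:
        raise ValueError("no local user record for subject")
    pending_request_ids.discard(req_id)  # each request id is accepted once
    return LOCAL_USERS[name_id]
```

Only after all checks pass would the service provider create the local session and move on to authorization policy evaluation.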