Single Sign-On Architecture

Single sign-on with Oracle Access Management (OAM) requires an EnterpriseOne HTML Server configuration with an application server, such as Oracle WebLogic Server 10g, whose J2EE container runs the Java servlets and Java code. In addition, WebGate must be installed on an Oracle HTTP Server and configured to protect the EnterpriseOne URLs that are used to access the HTML Server.

This illustration shows the integration environment and process flow:

[Figure: JD Edwards EnterpriseOne Single Sign-On through Oracle Access Management]

The following steps describe the single sign-on process:

  1. A user attempts to access an EnterpriseOne program by entering a URL to the EnterpriseOne web client in a web browser.

  2. A WebGate deployed on the EnterpriseOne HTTP Server intercepts the request.

  3. The WebGate checks OAM to determine whether the resource (EnterpriseOne URL) is protected.

  4. If a valid session does not exist and the resource is protected, WebGate prompts the user for credentials through the OAM login page.

  5. After the user enters the single sign-on user ID and password on the OAM login page, the WebGate captures the user credentials and sends them to OAM for authentication.

  6. OAM compares the user credentials against the Oracle Internet Directory (OID).

    1. If the user's single sign-on credentials are not in OID, OAM notifies WebGate and the user is denied access to EnterpriseOne.

    2. If OAM finds the user's single sign-on credentials in OID, OAM authenticates the credentials.

  7. If the credentials are validated, the user gains access to the EnterpriseOne web client.

  8. If a valid session already exists and the user is authorized to access the resource, WebGate redirects the user to the requested EnterpriseOne resource.
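
The decision flow in the steps above, modelled as an added Python example (not Oracle's code and not part of the original documentation). The class and function names, the `/e1/` URL prefix and the sample user are constructed for illustration; passing unprotected URLs through without a challenge and applying the authorization check after a fresh login are assumptions of this model.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class OAM:
    """Stand-in for OAM and the OID directory it consults (constructed data)."""
    protected: tuple   # URL prefixes covered by an OAM policy
    directory: dict    # OID stand-in: user ID -> password (plaintext only in this model)
    authorized: dict   # user ID -> URL prefixes that user may access
    sessions: dict = field(default_factory=dict)  # session token -> user ID

    def is_protected(self, url):                    # step 3
        return url.startswith(self.protected)

    def authenticate(self, user, password):         # steps 5 and 6
        stored = self.directory.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None                             # step 6.1: not in OID, or wrong password
        token = secrets.token_hex(16)               # step 6.2: authenticated, open a session
        self.sessions[token] = user
        return token

def webgate(oam, url, token=None, credentials=None):
    """Decide one intercepted request (step 2); returns (decision, session token)."""
    if not oam.is_protected(url):
        return "PASS_THROUGH", token                # assumption: no challenge if unprotected
    user = oam.sessions.get(token)
    if user is None:                                # step 4: no valid session
        if credentials is None:
            return "SHOW_OAM_LOGIN", None
        token = oam.authenticate(*credentials)
        if token is None:
            return "DENY", None
        user = oam.sessions[token]
    # Step 8 names authorization; checking it after a fresh login too is an assumption.
    if not url.startswith(tuple(oam.authorized.get(user, ()))):
        return "DENY", token
    return "ALLOW", token                           # steps 7 and 8

if __name__ == "__main__":
    oam = OAM(("/e1/",), {"alice": "s3cret"}, {"alice": ("/e1/",)})  # constructed sample
    print(webgate(oam, "/e1/menu"))                                  # first visit
    decision, tok = webgate(oam, "/e1/menu", credentials=("alice", "s3cret"))
    print(decision, webgate(oam, "/e1/menu", token=tok)[0])          # login, then reuse
    print(webgate(oam, "/e1/menu", token="forged"))                  # unknown token
```

In this model a token that OAM did not issue is handled exactly like a missing session, so the request falls back to the login page instead of reaching the resource.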