User Re-authentication
The following is the process overview that occurs when you attempt to re-authenticate from Oracle Argus Safety while performing privilege activity within the Case or Report workflow like Case Lock or Unlock, etc. Initial login does not utilize the re-authentication URI.
-
Assumptions
- Service Provider IDM (like OAM) supports Re-authenticate URI and sets the last re-authentication header every time a user is re-authenticated.
- Re-authentication headers and URI are configured in Argus Console > System Management > Single Sign-On.
-
Logical flow
- When you try to re-authenticate, say in case lock, a case locking authentication pop-up appears, where you re-authenticate yourself.
- When re-authentication is enabled, an Authorize link is provided instead of the Password field.
- On click of the Authorize link, you are redirected the IdP Login page, where the you enter your login credentials.
- IdP authenticates your credentials and responds to the Service Provider through the SAML assertions.
- Service Provider sets the Re-authentication HTTP Header value and redirects the request to Oracle Argus Safety post authentication process page.
- In the Case Locking screen, the signature icon changes to green and you can continue with the case lock operation.