How the Single Sign-On Server Uses Deployment-Specific Pages

The process that enables single sign-on pages can be summarized as follows:

  1. The user requests an application and is redirected to the single sign-on server.

  2. If the user is not authenticated, the single sign-on server redirects the user to the sample login page or to a deployment-specific page. As part of the redirection, the server passes to the page the parameters contained in Table A-2.

  3. The user submits the login page, passing the parameters contained in Table A-3 to the authentication URL:

    http://sso_host:sso_port/oam/server/auth_cred_submit
    

    or

    https://sso_host:sso_ssl_port/oam/server/auth_cred_submit
    

    At least two of these parameters, ssousername and password, appear on the page as modifiable fields.

  4. If authentication fails, the server redirects the user back to the login page and displays an error message.

  5. To finish the single sign-on session, the user clicks Logout in the application he or she is working in. This action calls the application logout URLs in parallel, logging the user out from all accessed applications and ending the single sign-on session.

  6. The user is redirected to the single sign-on server, which presents the single sign-off page.
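
The following check is an added example, not code from the product or its documentation. It audits a deployment-specific login page for the form described in step 3: the form must submit to the auth_cred_submit path over https and carry the ssousername and password fields. The host names and sample pages are constructed, and the requirement that the form use POST is an assumption that the page does not state.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

AUTH_PATH = "/oam/server/auth_cred_submit"      # authentication URL path from step 3
REQUIRED_FIELDS = {"ssousername", "password"}   # the two fields step 3 names

class FormCollector(HTMLParser):
    """Collect each <form> with its action, method and named <input> types."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "fields": {}}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            self._open["fields"][a["name"]] = (a.get("type") or "text").lower()
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_page(html, page_url):
    """Return findings for the credential form; an empty list means it passed."""
    collector = FormCollector()
    collector.feed(html)
    findings, matched = [], False
    for form in collector.forms:
        target = urlsplit(urljoin(page_url, form["action"]))  # resolve relative actions
        if target.path != AUTH_PATH:
            continue
        matched = True
        if target.scheme != "https":
            findings.append("credentials are submitted over " + target.scheme)
        if form["method"] != "post":  # assumption: the login form should POST
            findings.append("method is " + form["method"] + ", not post")
        missing = REQUIRED_FIELDS - form["fields"].keys()
        if missing:
            findings.append("missing fields: " + ", ".join(sorted(missing)))
        if form["fields"].get("password", "password") != "password":
            findings.append("password input is not type=password")
    return findings if matched else ["no form submits to " + AUTH_PATH]

# Constructed sample pages; sso.example.test is a placeholder host.
GOOD_PAGE = """<form action="https://sso.example.test/oam/server/auth_cred_submit" method="post">
<input name="ssousername" type="text"><input name="password" type="password"></form>"""
BAD_PAGE = """<form action="/oam/server/auth_cred_submit">
<input name="ssousername"><input name="password" type="text"></form>"""
```

Pass the URL the login page is served from as page_url, so that a relative form action is resolved the way a browser would resolve it.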