SSO Component :
- OC4J_Security
- HTTP server
Options for Bouncing SSO
- Bounce SSO component only
- Bounce SSO and OID
Flow of SSO
- User first time tries to access application
- There is no login cookie, therefore it is redirected to SSO server
- SSO Returns username/password page to user.
- SSO Verified username/password with OID
- If password is OK, SSO return a token to client with list of all application that user has access. This token is stored in client as a cookie.
No comments:
Post a Comment