Reassociating the Policy and Credential Store with a Database Managing Credentials

30-4 Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter

■ Checks for the existence of an SSO cookie.
■ Checks policies to determine whether the resource is protected and, if so, how.

4. The OAM server logs and returns decisions.
5. WebGate responds as follows:
   ■ Unprotected resource: the resource is served to the user.
   ■ Protected resource:
     – The request is redirected to the credential collector.
     – The login form is served based on the authentication policy.
     – Authentication processing begins.
6. The user sends credentials.
7. OAM verifies credentials.
8. OAM starts the session and creates the following host-based cookies:
   ■ One per partner: OAMAuthnCookie set by 11g WebGates, ObSSOCookie set by 10g WebGate, using the authentication token received from the OAM server after successful authentication.
     Note: A valid cookie is required for a session.
   ■ One for OAM Server: OAM_ID
9. OAM logs Success or Failure.
10. The OAM credential collector redirects to WebGate and authorization processing begins.
11. WebGate prompts OAM to look up policies, compare them to the user's identity, and determine the user's level of authorization.
12. OAM logs the policy decision and checks the session cookie.
13. The OAM Server evaluates authorization policies and caches the result.
14. The OAM Server logs and returns decisions.
15. WebGate responds as follows:
   ■ If the authorization policy allows access, the request is redirected to mod_wl, which in turn redirects the request to the WLS server where the WebCenter Spaces application is running, and from where the desired content or applications are served to the user, as shown below:
     WebGate - mod_wl - Spaces [, Discussion, .. etc] -- Content is served to the authenticated user
   ■ If the authorization policy denies access, the user is redirected to another URL determined by the administrator.
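A check a reviewer can run against captured response headers to confirm that the session cookies named in step 8 are really host-based (no Domain attribute) and are flagged Secure and HttpOnly. This is an added example, not Oracle code; the Secure/HttpOnly criteria are the reviewer's own hardening assumptions, and the sample headers, host name and cookie-name suffix are constructed.

```python
# Cookie names from step 8 of the flow. Matched by prefix, because the page
# says "one per partner" without giving the exact per-partner naming.
SSO_COOKIE_PREFIXES = ("OAMAuthnCookie", "ObSSOCookie", "OAM_ID")


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_sso_cookies(set_cookie_headers):
    """Return {cookie_name: [issue codes]} for the SSO cookies only."""
    findings = {}
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        if not name.startswith(SSO_COOKIE_PREFIXES):
            continue  # application cookies are out of scope for this check
        issues = []
        # Any Domain attribute makes the cookie visible to subdomains,
        # so it is no longer host-only.
        if "domain" in attrs:
            issues.append("domain-scoped")
        if "secure" not in attrs:
            issues.append("no-secure")
        if "httponly" not in attrs:
            issues.append("no-httponly")
        findings[name] = issues
    return findings


# Constructed sample: Set-Cookie values as they might appear in a proxy capture.
SAMPLE_HEADERS = [
    "OAMAuthnCookie_app.example.com:7777=TOKEN1; Path=/; HttpOnly; Secure",
    "ObSSOCookie=TOKEN2; Path=/; Domain=.example.com",
    "OAM_ID=TOKEN3; Path=/; HttpOnly",
    "JSESSIONID=abc123; Path=/app",
]

if __name__ == "__main__":
    for cookie, issues in audit_sso_cookies(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not issues else ", ".join(issues))
```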

30.2.2 Roadmap to Configuring OAM

The flow chart (Figure 30–3) and the table (Table 30–1) in this section provide an overview of the prerequisites and tasks required to configure single sign-on for WebCenter using OAM.

Configuring Single Sign-on 30-5

Figure 30–3 Configuring Single Sign-on for WebCenter Using OAM

Table 30–1 shows the tasks and sub-tasks for configuring single sign-on for WebCenter using OAM.

Table 30–1 Configuring Single Sign-on for WebCenter Using OAM

Actor / Task / Sub-task / Notes

Actor: Administrator

1. Install and Configure OAM
   Install and configure OAM 10g or 11g
2. Configure the WebLogic domain for OAM
   2.a Configure the OID authenticator
   2.b Configure the OAM identity asserter
   2.c Configure the default authenticator and provider order
   2.d Add an OAM SSO provider
3. Install and configure OHS
4. Perform additional configurations as required
   4.a Configure WebCenter Spaces for SSO
   4.b Configure the discussions server for SSO