OAM with ADFS

This post covers OAM integration with ADFS, where ADFS is the Identity Provider (IdP) and OAM is the Service Provider (SP). Application URLs are protected by WebGate/OAM, and the user accesses the URL of an application protected in this way.

The following is the flow of steps when a user accesses the URL of a protected application:

1. User logs in to Active Directory and gets a Kerberos ticket.
2. User launches their browser and points it to the application's URL.
3. Webgate on the Application server intercepts the request and looks for a valid session cookie but the user does not have one.
4. Webgate redirects the browser to OAM for authentication. OAM determines that the web page is protected and that the authentication method is SAML. It looks for a valid SAML token but does not find one.
5. OAM redirects the browser to ADFS to get a SAML token.
6. ADFS, through Integrated Windows Authentication, validates the user authentication against Active Directory, and once successful, it creates a SAML token and redirects the browser back to OAM.
7. OAM reads the SAML token, creates a session cookie, and redirects the browser back to Webgate.
8. Webgate reads the valid session cookie and presents the browser with the requested Application page.

This is how authentication happens. NOTE: all of this is transparent to the user; after step 2 it happens in the background without any user interaction (step 1 has already taken place and is independent of the remaining flow of steps). From there, the application does its own authorization process to determine what the user is allowed to see and do inside the application.
The Active Directory the user logs into in step 1 is the one tied to the ADFS that authenticates the user in steps 5 and 6.
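Step 7 above says only that OAM "reads the SAML token" before creating a session cookie. The following added example (not from the original post, and not OAM or ADFS code) models steps 6 and 7 with a minimal constructed assertion to show the checks an SP must make on that token: issuer, audience, InResponseTo against the request it sent in step 5, and the validity window. The issuer and entity ID values are assumed, and an HMAC stands in for the XML-DSig signature that a real ADFS token carries.

```python
import hmac, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed values. In a real deployment OAM verifies the XML-DSig on the assertion with the
# ADFS token-signing certificate; an HMAC over the XML stands in for it to keep the example offline.
IDP_KEY = b"constructed-demo-key"
IDP_ISSUER = "http://adfs.example.test/adfs/services/trust"   # assumed ADFS issuer
SP_ENTITY_ID = "https://oam.example.test/sp"                  # assumed OAM entity ID
FMT = "%Y-%m-%dT%H:%M:%SZ"

def adfs_issue(user, request_id, audience=SP_ENTITY_ID, now=None, minutes=5):
    """Step 6: after IWA succeeds, ADFS builds and signs a minimal assertion for OAM."""
    now = now or datetime.now(timezone.utc)
    xml = (
        f'<Assertion ID="_a1" IssueInstant="{now.strftime(FMT)}">'
        f'<Issuer>{IDP_ISSUER}</Issuer>'
        f'<Subject><NameID>{user}</NameID>'
        f'<SubjectConfirmationData InResponseTo="{request_id}"/></Subject>'
        f'<Conditions NotBefore="{now.strftime(FMT)}" '
        f'NotOnOrAfter="{(now + timedelta(minutes=minutes)).strftime(FMT)}">'
        f'<AudienceRestriction><Audience>{audience}</Audience></AudienceRestriction>'
        f'</Conditions></Assertion>'
    )
    sig = hmac.new(IDP_KEY, xml.encode(), hashlib.sha256).hexdigest()
    return xml, sig

def oam_validate(xml, sig, expected_request_id, now=None):
    """Step 7: checks OAM must pass before minting a session cookie; returns NameID or None."""
    now = now or datetime.now(timezone.utc)
    expected = hmac.new(IDP_KEY, xml.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None                       # altered in transit, or not signed by our IdP
    root = ET.fromstring(xml)
    if root.findtext("Issuer") != IDP_ISSUER:
        return None                       # token from an IdP OAM does not trust
    if root.findtext("./Conditions/AudienceRestriction/Audience") != SP_ENTITY_ID:
        return None                       # issued for a different SP, must not be accepted here
    scd = root.find("./Subject/SubjectConfirmationData")
    if scd is None or scd.get("InResponseTo") != expected_request_id:
        return None                       # not the answer to the request OAM sent in step 5
    cond = root.find("Conditions")
    not_before = datetime.strptime(cond.get("NotBefore"), FMT).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(cond.get("NotOnOrAfter"), FMT).replace(tzinfo=timezone.utc)
    if not (not_before <= now < not_after):
        return None                       # replayed after expiry or presented too early
    return root.findtext("./Subject/NameID")
```

Only when `oam_validate` returns a NameID should the session cookie of step 7 be created; every `None` path is a login that must fail closed and be logged.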
