Single Sign on Process Flow
Uploaded by: chris-kelly
Category: Documents
Transcript of Single Sign on Process Flow
[Figure: Typical Enterprise Single Signon in PeopleSoft (Greg Kelly). Flow diagram with numbered arrows for steps 1 to 17, including 12a, 12b, 14a and 14b. Labels in the diagram: Browser; Web App Server; HTTP Server; Access Manager agent (intercepts URL request); PS Page servlet; BLOB User Context; PS Application server; Signon PeopleCode; Set Authentication Result; Cache objects; Mem Cache; Disk Cache; PS DB; Access Manager and Policy Server; User Repository; Policy Repository; LDAP (usually); Other Access manager Resources; Liberty.]
Process steps
Typical Enterprise Single Signon in PeopleSoft
1 - Browser user requests protected resource (see Note)
2 - Agent intercepts request and checks header payload for SSO related objects. If header is not populated, agent issues challenge page
3 - Browser user supplies credentials
4 - Agent forwards credentials to Access Manager
5 - Access Manager confirms authentication
6 - Agent populates header and issues redirect
7 - Browser attempts to access the protected resource
8 - Agent intercepts request and seeks authorization
9 - Access Manager confirms authorization to protected resource
10 - Request is passed to application (PS Page servlet)
11 - PS Page servlet issues JOLT request to PS Application Server with Default User ID and password
12 - Signon PeopleCode is triggered to extract PS user ID
12a - Optional 2nd level authentication, vendor supplied Java object or BI forwards vendor token(s) and PS token to Access Manager
12b - Access Manager confirms tokens are still valid
13 - Signon PeopleCode calls SetAuthenticationResult with PS User ID
14 - PSAPPSRV checks version of required objects, and requests objects if cached version is different or not available
14a - Objects are cached in memory
14b - Objects are cached to disk
15 - Tokens, cookies, requested objects and user profile are serialized and passed back to Page Servlet
16 - Page Servlet caches user context in the BLOB cache
17 - Initial page is presented to user's browser session

Steps 4 and 5: These steps use the user repository
Steps 8 and 9: These steps use the user and the policy repositories
Steps 13 and 14: These steps assume a valid user in the PeopleSoft user repository (PSOPRDEFN)
Note: If the user has been authenticated already, process passes directly from step 1 to step 8.
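
Steps 1 to 10 and the Note, modelled as an added example (not part of the original document and not vendor or PeopleSoft code). The header name SSO-Token, the HMAC-signed token format, the key and the sample repositories are all assumptions made for illustration; the point shown is that the agent verifies the SSO object in the header rather than trusting its presence.

```python
import hashlib
import hmac

# Constructed sample data; every name and value below is an assumption.
KEY = b"demo-agent-key"                  # shared by agent and Access Manager
USER_REPO = {"jdoe": "s3cret"}           # user repository (steps 4 and 5)
POLICY_REPO = {"/psp/hr": {"jdoe"}}      # policy repository (steps 8 and 9)


def issue_token(user):
    """Access Manager side: sign the user ID so the agent can verify it later."""
    mac = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def verify_token(token):
    """Return the user ID if the token's MAC checks out, else None."""
    user, _, mac = (token or "").partition(":")
    expected = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if user and hmac.compare_digest(mac, expected) else None


def agent(url, headers, credentials=None):
    """Model of steps 1-10. Returns (outcome, steps_taken, headers)."""
    steps = [1]
    user = verify_token(headers.get("SSO-Token"))
    if user is None:                     # header not populated, or token invalid
        steps.append(2)
        if credentials is None:
            return "challenge", steps, headers   # agent issues challenge page
        name, password = credentials
        steps += [3, 4]
        # Step 5: Access Manager checks the user repository.
        stored = USER_REPO.get(name, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            return "denied", steps, headers
        steps += [5, 6, 7]               # confirm, populate header, redirect
        headers = {**headers, "SSO-Token": issue_token(name)}
        user = name
    steps += [8, 9]                      # authorization against the policy repo
    if user not in POLICY_REPO.get(url, set()):
        return "forbidden", steps, headers
    steps.append(10)                     # request passed to the PS Page servlet
    return "pass", steps, headers
```

A request carrying a valid token follows the Note's shortcut (steps 1, 8, 9, 10), while a header with a token that fails verification is treated as not populated and gets the challenge page.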