The figure below illustrates OpenIG integrated into an OpenAM deployment. In this deployment OpenIG is running in a container that is protected by an OpenAM policy agent. The agent is configured to forward a header, with the subject (user) of the single sign-on session, to OpenIG. OpenIG then uses the subject as the login credentials, or uses the subject as a reference to look up the login credentials in a database or directory. The HR application is integrated into the SSO deployment without an agent or any modification to the application or its deployment configuration.
- User browses to the Portal.
- OpenAM plugin intercepts the request, finds no valid OpenAM session, redirects the user to the OpenAM login pages.
- OpenAM logs in the user and redirects back to the Portal.
- OpenAM plugin finds a valid session, request goes through, OpenIG passes the request through to the Portal.
- Portal finds no local session, redirects to the Portal login page.
- OpenIG inspects the redirect, finds a match for the login page, creates the login form, and POSTs it to the Portal.
- Portal validates the credentials and redirects to the Portal page.
- Gateway passes the request through to the browser.
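The gateway side of the steps above, from the pass-through to the replayed login form, can be modeled in a few lines of Python. This is an added illustration, not OpenIG code or configuration: the header name `X-SSO-Subject`, the `/login` and `/home` paths, the credential table, and the choice to answer 403 when no credentials exist for the subject are all assumptions made for the example.

```python
from urllib.parse import urlencode, parse_qs

SUBJECT_HEADER = "X-SSO-Subject"   # hypothetical name of the header the policy agent forwards
LOGIN_PATH = "/login"              # hypothetical Portal login page
# Constructed stand-in for the database or directory the gateway looks credentials up in.
CREDENTIALS = {"alice": ("alice", "portal-pw-1")}
PORTAL_USERS = {"alice": "portal-pw-1"}   # constructed Portal account store


def portal(method, path, headers, body=""):
    """Toy Portal: serves pages to a local session, otherwise redirects to its login page."""
    if method == "POST" and path == LOGIN_PATH:
        form = {k: v[0] for k, v in parse_qs(body).items()}
        expected = PORTAL_USERS.get(form.get("username"))
        if expected is not None and expected == form.get("password"):
            return 302, {"Location": "/home", "Set-Cookie": "PORTALSESSION=ok"}, ""
        return 401, {}, "bad credentials"
    if headers.get("Cookie") == "PORTALSESSION=ok":
        return 200, {}, "portal page"
    return 302, {"Location": LOGIN_PATH}, ""


def gateway(method, path, headers):
    """Pass the request through; replay the login form when the Portal redirects to login."""
    status, resp_headers, body = portal(method, path, headers)
    if not (status == 302 and resp_headers.get("Location") == LOGIN_PATH):
        return status, resp_headers, body      # not a login redirect: pass through unchanged
    creds = CREDENTIALS.get(headers.get(SUBJECT_HEADER))
    if creds is None:
        # No forwarded subject, or no stored credentials for it: do not post a form.
        return 403, {}, "no credentials for SSO subject"
    form = urlencode({"username": creds[0], "password": creds[1]})
    post_headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # The Portal's answer to the replayed form goes back to the browser as-is.
    return portal("POST", LOGIN_PATH, post_headers, form)


if __name__ == "__main__":
    print(gateway("GET", "/home", {SUBJECT_HEADER: "alice"}))   # login replayed
    print(gateway("GET", "/home", {}))                          # no subject header
```

The model takes the subject header at face value, which holds only when every request reaches the gateway through the agent-protected container, as in the deployment described here.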


