5.6 Authentication Flow

Figure 5-1 describes the authentication flow of OracleAS Single Sign-On support in Oracle Forms the first time the user requests an application URL that is protected by Oracle Application Server Single Sign-On:

Figure 5-1 Authentication Flow for First Time Client Request

Authentication flow when client makes initial request.

The user requests a Forms URL similar to http(s)://<hostname>:<port>/forms/frmservlet?config=<application>&...
The Forms Servlet redirects the user to the OracleAS Single Sign-On server.
The user provides user name and password through Login form.
The password is verified through Oracle Internet Directory (LDAP Server).
The user gets redirected to the URL with sso_userid information.
Forms Servlet gets the database credentials from Oracle Internet Directory.
Forms Servlet sets the user ID parameter in the Runform session and the applet connects to the Forms Listener Servlet.
Forms Servlet starts the Forms Server.

Figure 5-2 describes the authentication flow of Oracle Application Server Single Sign-On support in OracleAS Forms Services when a user, authenticated through another Partner Application, requests an application that is protected by Oracle Application Server Single Sign-On.

Figure 5-2 Authentication Flow for Subsequent Client Requests

The user requests Forms URL.
Forms Servlet redirects the user to the OracleAS Single Sign-On Server.
The user gets redirected to the URL with sso_userid information.
Forms Servlet gets the database credentials from Oracle Internet Directory.
Forms Servlet sets the user ID parameter in the Runform session and the applet connects to the Forms Listener Servlet.
Forms Servlet starts the Forms Server.