Below are the steps involved in successfull authentication of user using Oracle access manager:
- When user try to access the URL (e.g.: www.mywebsite.com), the request will first hit the Webserver(OHS- Oracle Http Server).
- Webgate sitting on OHS intercept the request and redirect the request to Oracle access manager server to validate the authentication and authorization policies.
- OAM checks the policies, if the url is configured as 'Un Protected' then OAM will send the request back to webgate to allow to access the URL.If the URL is configured as protected resource then the OAM send back the challenging page url, where user need to provide the username and password to access that page.
- After user providing the valid userid and password, again the request will come to the OHS-Webgate. Webgate send the user authentication details to the OAM Server.
- OAM server validate the userid and password with directory services (ID store) like OID, OUD, ODSEE or any other Ldaps.
- Once OAM finds the user details are valid, it creates the session and few cookies for that user and send them to the webserver along with the URL need to access by the user.
- Webserver allows the request to access the URL of application server.
This is the basic flow of authentication of user login in OAM.