In this post, I will talk about the top down authentication flow that starts from a URL and goes all the way down to an authentication plug in which handles the authentication and authorization logic.
- To start with when a user enter a URL and requests for a resource.
- Web gate intercept and looks for that URL in the application domain.
- Remember that application domain is tightly coupled to the Web gate.
- Web gate matches all the URL or resources to say and matches with closest resource defined.
- Next it looks for authentication scheme that is defined to protect that resource.
- Authentication scheme in turn invokes Authentication module that is defined.
- It is here that you can define identification, Authentication, success, failure or any other steps or work flow that you want.
- Authentication module finally invokes Authentication plug in that points to a java code that performs the Auth or any other logic that you want to perform.
- You can pass in input parameters and get back the response.
- Auth Module can point to multiple Auth plug in at various steps that it defines.
- Auth Scheme defines things like form based, cert based or any other kind of Auth and what forms and Context that it will present. It also defines OAM server details as that is the one where Auth session is checked and kept for further requests.