The intent of this document is to provide a step by step guide for the configuration and installation of a passive claims-based authentication application. A simple passive claims-based mechanism is illustrated in the below list:
1. User accesses a website (https://obiee-server.us.oracle.com:9804/analytics) to consume its services via a web browser. Such websites are called relying parties.
2. If the user is not authorized to use the relying party, the web application redirects the user to a token issuer / Identity provider (AD FS 2.0 – https://adfs -server.us.oracle.com/adfs/ls).
3. The token issuer prompts the user to enter his credentials.
4. The identity provider uses these credentials to query one claim (such as Name, Common Name, email, sAMAccountName, etc.) from an attribute store (Active Directory).
5. Following this step, the issuer produces a signed SAML2.0 token with these claims and sends this token to the browser.
6. The browser then sends this signed token to the relying party, subsequently the latter validates this token, authorizes the user to consume its services and sends a cookie (to be used for single sign-on) and the required data back to the user.
Download the document here: //cdn.app.compendium.com/uploads/user/e7c690e8-6ff9-102a-ac6d-e4aebca50425/f4a5b21d-66fa-4885-92bf-c4e81c06d916/File/82cfa14f8f5617c24e5ad41f66a82779/adfs_idp_saml_2_0_web_sso_implementation_for_obiee_single_node.pdf describes step by step how to configure ADFS Saml v2 identity provider, with OBIEE service provider for Web SSO.