Configuring Single sign-on (SSO) between WebCenter components and/or other partner applications is an important part of WebCenter setup. OAM configuration with a WebCenter application is covered in detail in the WebCenter Admin Guide on OTN. Other solutions that can leveraged for SSO are SAML (“built-in” solution in WebLogic Server), Oracle SSO (OSSO), Windows Native Auth (WNA), etc. Each one has different setup requirements but the following few common “concepts” and functional points exist across the board.
Policy Decision Point (PDP): Point that evaluates and makes (authorization) decisions
Policy Enforcement Point (PEP): Point which intercepts a request and channels it to the PDP
Policy Administration Point (PAP): Points which help manage and administer policies
Identity Assertion Provider (IAP): A type of Authenticator that allows users or processes to assert their identity based on tokens (specific to the SSO solution)
The figure below shows where these functional points are. If you note, the Webgate, an out-of-the-box plugin that intercepts HTTP requests and forwards them to the Access Manager is the PEP and the Access Server the PDP. It also shows the sequence of the events in Single sign-on process.