Sample Template for Single Sign-On (SSO)

[Diagram: Sample Template for Single Sign-On (SSO). Project Name: (blank); Designed By: Solutions Architect; Revision: 1.3; Environment: DR; Date: 12/6/2015. The image itself is not preserved; the labels recoverable from it are listed below.]

Swimlanes: Client, Network, Mid-Tier, Data Layer (with Start and End markers for the user flow).

Legend: Security, User Flow, Software Module, Back-end Service, DNS or IP Range, Security Module, Access Points.

Components by layer:
  Client: End-User; External/Internal DNS Resolution
  Network: External Firewall; External F5 Load Balancer (listens on port 443); Internal Facing Firewall; F5 Load Balancer; Load Balancer (proxy to Authorization Layer based on NameID in assertion)
  Proxy Layer: Virtual Apache OHS Reverse Proxy with Web Gate
  Middleware: Virtual Web Server; Virtual WebLogic; Apache OHS w/ WebGate
  Identity Authorization Layer: Federation Web Servers; Web Gate
  Access Management Layer: Virtual Apache; Web Gate
  Virtual Directory Layer: Virtual Apache
  Service Provider: Federated "Service Provider" (aka SP); On-Prem Service Provider Web Application
  Data Layer: Data Access; Abstracted Data Repositories; Directory Server 1, Directory Server 2; SQL Server 1, SQL Server 2

User flow annotations (Start to End):
  1. A user signed in to their Portal invokes an IdP federation link to federate into a Federated Service Provider.
  2. Get Authorization for ID to generate Token ("Get Authorization" is also the label on two further arrows in the diagram).
  3. The user's session now has the credentials and will redirect to the RelayState.
  4. The user's session is automatically redirected by definition of the "RelayState" (from the IdP) after the credentials/token are created.
  5. The load balancer proxies to the Authorization Layer based on the NameID in the assertion.
