Sample Template for Single Sign-On (SSO)

[Architecture diagram; only the labels and annotations below survive extraction.]
Title block: Project Name: (blank) / Designed By: Solutions Architect / Revision: 1.3 / Environment: DR / Date: 12/6/2015
Legend: Start, End, Security Module, Software Module, Back-end Service, DNS or IP Range, Access Points, Security flow, User flow

Diagram columns (left to right): Client, Network, Mid-Tier, Data Layer
Client: End-User; External Firewall; External/Internal DNS Resolution
Network: External F5 Load Balancer (listens on port 443); Proxy Layer with Virtual Apache OHS Reverse Proxy and Web Gate; Internal Facing Firewall; internal Load Balancer
Mid-Tier: Access Management Layer (Virtual Apache OHS with Web Gate); Identity Authorization Layer / Federation Web Servers; Middleware (Virtual WebLogic); On-Prem Service Provider Web Application (Apache OHS w/ WebGate behind an F5 Load Balancer); Virtual Directory Layer
Data Layer: Data Access; Directory Server 1 and Directory Server 2; SQL Server 1 and SQL Server 2; Abstracted Data Repositories

User flow annotations, in diagram order:
1. A user signed in to their Portal invokes an IdP federation link to federate into a Federated "Service Provider" (aka SP).
2. The request enters through the External Firewall and the External F5 Load Balancer on port 443, then the reverse proxy (Apache OHS with Web Gate).
3. Proxy to Authorization Layer based on NameID in assertion.
4. Get Authorization for ID to generate Token (the Web Gate and Federation Web Servers each perform a "Get Authorization" against the directory layer).
5. User's Session now has the credentials and will redirect to RelayState: the session is automatically redirected by definition of the "RelayState" (from IdP) after Credentials/Token is created, landing on the Service Provider Web Application.
