Single Sign On Components – OAM Agents, Host Identifier, Application Domains

Authentication is the step that verifies a user's credentials (for example a username and password) against a repository such as LDAP or a database.

Single Sign On (SSO) is when an already authenticated user is not prompted for credentials again when another protected resource is accessed.

Oracle Access Manager (OAM) is an Oracle COTS (commercial off the shelf) product that can be configured to protect resources by validating credentials stored in a repository like LDAP or a database. Besides OAM, there are other products, such as ForgeRock OpenAM (also COTS), that can be configured to provide SSO and federation services.

OAM offers capabilities to protect resources with different authentication schemes, for example LDAPScheme, which validates user credentials against LDAP, and BasicScheme, as an alternative to form-based validation.

X509Scheme can be used to authenticate a user based on a client certificate, matching it against the DN stored in LDAP over SSL.

OAM offers robust capabilities to protect a resource (URL), which could be a web application or a web service call. The high-level architecture for configuring authentication consists of an agent configuration, a host identifier, the resources (URLs) to protect, and authentication and authorization schemes.

The authentication schemes are backed by plugins, which are grouped under an authentication module.

Once the user is successfully authenticated, OAM or the Webgate (the PEP, policy enforcement point) creates the corresponding session and cookies in the browser.
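To make the relationship between host identifiers, protected resources, authentication schemes and SSO sessions concrete, here is an added, simplified model of the decision a Webgate-style enforcement point makes for one request. This is illustration code written for this page, not Oracle's code or OAM's real configuration API: the host names, paths, the fnmatch-style URL patterns, the numeric scheme levels used for step-up and the default-deny choices for unregistered hosts and unmatched resources are all assumptions of the model.

```python
"""Hypothetical model of OAM-style policy resolution (added example, not Oracle code)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Assumed strength levels for this model only. The page names LDAPScheme,
# BasicScheme and X509Scheme; the numbers are an assumption used to decide
# whether an existing session is strong enough for a resource (step-up).
SCHEME_LEVEL = {"Public": 0, "BasicScheme": 1, "LDAPScheme": 2, "X509Scheme": 3}


@dataclass(frozen=True)
class HostIdentifier:
    name: str          # logical name the policies refer to
    hosts: frozenset   # every host[:port] variant a browser might send for it


@dataclass(frozen=True)
class Resource:
    host_id: str       # logical host identifier the URL belongs to
    pattern: str       # URL path pattern (fnmatch wildcards in this model)
    auth_scheme: str   # scheme that protects matching paths


@dataclass(frozen=True)
class Session:
    user: str
    auth_level: int    # level of the scheme the user has already satisfied


class PolicyStore:
    def __init__(self, host_ids: Iterable[HostIdentifier], resources: Iterable[Resource]):
        self._host_map = {h.lower(): hi.name for hi in host_ids for h in hi.hosts}
        self._resources: List[Resource] = list(resources)

    def resolve_host(self, netloc: str) -> Optional[str]:
        """Map the URL authority (Host header) to a logical host identifier."""
        return self._host_map.get(netloc.lower())

    def find_resource(self, host_id: str, path: str) -> Optional[Resource]:
        """Most specific matching pattern wins: longest literal prefix, fewest wildcards."""
        candidates = [r for r in self._resources
                      if r.host_id == host_id and fnmatchcase(path, r.pattern)]
        if not candidates:
            return None
        return max(candidates, key=lambda r: (len(r.pattern.rstrip("*")), -r.pattern.count("*")))


def decide(store: PolicyStore, url: str, session: Optional[Session]) -> str:
    """Enforcement decision for one request: ALLOW, CHALLENGE:<scheme> or DENY:<reason>."""
    parts = urlsplit(url)
    host_id = store.resolve_host(parts.netloc)
    if host_id is None:
        return "DENY:unknown-host"           # model choice: unregistered hosts are not served
    res = store.find_resource(host_id, parts.path or "/")
    if res is None:
        return "DENY:no-policy"              # model choice: unmatched resources are denied
    required = SCHEME_LEVEL[res.auth_scheme]
    if required == 0:
        return "ALLOW:public"
    if session is not None and session.auth_level >= required:
        return f"ALLOW:sso:{session.user}"   # already authenticated strongly enough: no prompt
    return f"CHALLENGE:{res.auth_scheme}"    # no session, or a stronger scheme is needed


# Constructed sample configuration (hypothetical host names and paths).
STORE = PolicyStore(
    host_ids=[
        HostIdentifier("PortalHost", frozenset({"portal.example.com", "portal.example.com:443"})),
        HostIdentifier("ApiHost", frozenset({"api.example.com", "api.example.com:8443"})),
    ],
    resources=[
        Resource("PortalHost", "/public/*", "Public"),
        Resource("PortalHost", "/*", "LDAPScheme"),
        Resource("PortalHost", "/admin/*", "X509Scheme"),
        Resource("ApiHost", "/ws/*", "BasicScheme"),
    ],
)

if __name__ == "__main__":
    ldap_session = Session("alice", SCHEME_LEVEL["LDAPScheme"])
    for url, sess in [
        ("https://portal.example.com/public/index.html", None),
        ("https://portal.example.com/home", None),
        ("https://portal.example.com/home", ldap_session),
        ("https://portal.example.com/admin/users", ldap_session),
        ("https://api.example.com:8443/ws/orders", ldap_session),
        ("https://other.example.com/home", None),
    ]:
        print(url, "->", decide(STORE, url, sess))
```

The walk-through shows the three outcomes the prose describes: a public path is served without a session, a first visit to a protected path is challenged with the scheme attached to the most specific matching resource, a user who already holds a session of sufficient level is let through on other hosts without a prompt (SSO), and a higher-level resource still forces a new challenge.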

Depending on the context, different kinds of cookies are generated. A later article will discuss the different cookie variables.