This graphic depicts an HTTP client accessing OC4J using Single-Sign On and JAAS. The HTTP request is verified with the SSO. The username and password are verified against the users and roles defined within the JAAS Provider.