Java Agents and CDSSOAMBrowserBrowserJava App& AgentJava App& AgentCDCServletCDCServletPolicy, Session ServicesPolicy, Session ServicesAuthN ServiceAuthN Service1Browse to protected resource.No SSO token for resource domain, yet.2Set an amFilterCDSSORequest cookie,and redirect...The amFilterCDSSORequest cookie holdsinformation consumed when processingthe form submitted in 15.3...to CDCServlet.4If browser presents SSO token,request SSO token validation.5If SSO token is valid,skip to 14. Otherwise...6Redirect...7...to AM for authentication.8Authentication page9Submit credentials.10Set valid SSO token with AM domain name,and redirect...11...to CDCServlet.12Request SSO token validation13SSO token is valid.14Send self-submitting form withLiberty AuthN Response (LARES).15Form POSTs automatically to anagent endpoint thatconsumes the response.Policy agent extracts SSO token from LARES,Sets cookie domain to full URL of resource,Validates LARES attributes.16Redirect, with request to delete theamFilterCDSSORequest cookie...17...to protected resource.18Request SSO token validation19Response for SSO token validation20Request policy decision21Response for policy decision22Allow access & return resource,or deny access & return HTTP 403.