Answer» The mechanism here is the same as how multi-domain SSO works. Importantly, all of the activities for form authentication are carried out between the browser and one web server.
Now, suppose you want to access a resource http://www.B.com/pageB.html but still be authenticated by the login form on www.A.com.
- The authentication scheme required by pageB needs to have a redirect URL set to http://www.A.com.
- The WebGate at www.B.com redirects you to the NetPoint URL obrareq.cgi on www.A.com, with a query string that contains the original request (wu and wh).
- The WebGate on www.A.com will determine that you need to do a form login for that resource, so it will set the ObFormLoginCookie with the wu and wh values from the query string, but will set the ru field to /obrareq.cgi. WebGate on A then redirects your browser to the login form on A.
- When you post your credentials back to A, the ObFormLoginCookie is set back. WebGate on A authenticates your userid and password, sets the ObSSOCookie for the .A.com domain and redirects you back to the ru value from the ObFormLoginCookie, which is /obrareq.cgi.
- This time when your browser requests http://www.A.com/obrareq.cgi, it will pass the ObSSOCookie.
- WebGate will then redirect your browser back to the B webserver, http://www.B.com/obrar.cgi, with the cookie value and the original URL in the query string.
- The WebGate on www.B.com will extract the cookie value and set the ObSSOCookie for domain .B.com, and finally redirect you to http://www.B.com/pageB.html that you originally requested.
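The redirect chain described in the steps above, traced as a simplified model. This is an added example, not WebGate or NetPoint code: the login form path, the opaque token value and the two query parameter names on the obrar.cgi hop are assumptions, since the answer does not give them.

```python
from urllib.parse import urlencode, urlparse

AUTH_HOST = "www.A.com"      # host that serves the login form (from the answer)
LOGIN_FORM = "/login.html"   # assumed form path, not given in the answer

def sso_domain(host):
    """www.A.com -> .A.com, the ObSSOCookie scope named in the answer."""
    return "." + host.split(".", 1)[1]

def trace_form_login(resource_url, credentials_ok, token="OPAQUE-TOKEN"):
    """Return (hops, jar): URLs the browser visits and cookies set along the way."""
    target = urlparse(resource_url)
    wh, wu = target.netloc, target.path
    hops, jar = [resource_url], {}

    # WebGate on B: redirect to obrareq.cgi on A, carrying the original request.
    hops.append(f"http://{AUTH_HOST}/obrareq.cgi?" + urlencode({"wh": wh, "wu": wu}))

    # WebGate on A: keep wu/wh, set ru to /obrareq.cgi, send the browser to the form.
    form_cookie = {"wu": wu, "wh": wh, "ru": "/obrareq.cgi"}
    jar[(AUTH_HOST, "ObFormLoginCookie")] = form_cookie
    hops.append(f"http://{AUTH_HOST}{LOGIN_FORM}")

    # Credentials are posted back to A; a failed login stops the chain here.
    if not credentials_ok:
        return hops, jar
    jar[(sso_domain(AUTH_HOST), "ObSSOCookie")] = token
    hops.append(f"http://{AUTH_HOST}{form_cookie['ru']}")  # sent with ObSSOCookie

    # WebGate on A: hand the cookie value and original URL to obrar.cgi on B.
    # "cookie" and "url" are placeholder parameter names (assumption).
    original = f"http://{wh}{wu}"
    hops.append(f"http://{wh}/obrar.cgi?" + urlencode({"cookie": token, "url": original}))

    # WebGate on B: set ObSSOCookie for its own domain, then serve the page.
    jar[(sso_domain(wh), "ObSSOCookie")] = token
    hops.append(original)
    return hops, jar

if __name__ == "__main__":
    hops, jar = trace_form_login("http://www.B.com/pageB.html", credentials_ok=True)
    for n, url in enumerate(hops, 1):
        print(n, url)
    for (scope, name), value in jar.items():
        print(scope, name, value)
```

The fifth hop in the trace is the one where the cookie value travels in a URL query string, which makes it visible in browser history and web server access logs.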