A Service-Oriented Architecture for Enabling Centralized Authentication Across WebLogic Domains

This paper:
A Service-Oriented Architecture for Enabling Centralized Authentication Across WebLogic Domains contains a few diagrams very clearly describe SOA and SAML together that provides a centralised security gateway. Example is given in WebLogic Web Server, but same principles apply to any web server. Likewise, LDAP is used to search user credentials but can use any mechanism, e.g. an account database for e-Commerce application.