It's likely to be a centralized identity provider, which might be used by multiple systems. It looks like it's using Oracle Application Server SSO. I'm not familiar with that specific product, but such a system might look like this:
User accesses target site.
The target site redirects to the user to the login server. The redirect includes a token which provides details about the original request. (The referer header could also be used, but it would make it harder to handle cases where the initial request was a POST instead of a GET request.)
The login server accepts the token, recognizes that the user isn't yet signed in, and prompts them to log in.
The user logs in to the login server.
The login server returns the user to the originally requested resource, providing information about the original request and the user's identity back to the application.
The application recognizes and trusts the identity assertion provided by the identity provider, so it handles the original request.
One advantage to this system is that the identity system is less coupled to the application consuming the SSO services. The identity provider is responsible for authenticating users, so individual applications don't have to be concerned with the mechanics of authenticating users.
An organization could also make large changes to the authentication process without each application having to be reconfigured for the new method. This could mean enhancing password-based logins with an RSA key fob, switching to Windows Integrated Authentication, moving users from a legacy LDAP system into Active Directory, and so on.
If multiple applications use the same identity provider, then you also get the benefit of single sign-on. This means that once you've logged in to one application, the process for accessing another integrated application becomes:
User accesses target site.
The target site redirects to the user to the login server. The redirect includes a token which provides details about the original request. (The referer header could also be used, but it would make it harder to handle cases where the initial request was a POST instead of a GET request.)
The login server recognizes the user from the existing session. It returns the user to the originally requested resource, providing information about the original request and the user's identity back to the application.
The application recognizes and trusts the identity assertion provided by the identity provider, so it handles the original request.
Note that since the user is already logged in to the identity provider, all that they'll experience is a few quick redirects.
21Why can't I go directly to the Oracle sign on page? Because Oracle – jimm-cl – 2015-03-05T20:36:32.677
3I bet that the sign in page works this way because there is no plain "You are now signed on" page. Instead, the sign in page needs to know where to send you. – Jon Onstott – 2015-03-05T20:49:17.797