Not to veer things off-course, but what is this Devops cookbook? I am a self-hosted customer and I performed many localized installations on-site. I am using AD and kerberos authentication, which requires changing the schemes and I have had no problems. Oracle development is fully aware of this change and has supported it throughout the process.
How exactly SSO with work with OIF-OAM integration If I don't change the authentication scheme from "FAAuthenticate" to "OIFScheme" ? . Only once I made the change, login request started being directed to OIF for SAML exchange with our IdP. Without that it keeps showing Fusion Applications login page.
That is correct. If you check the AuthnScheme definition in OAM, FAAuthnScheme is set to challenge the User using Forms based Local Authentication while the OIFScheme is set to challenge the User through delegation to a SAML Identity Provider using the OIF Service Provider.