My thoughts,
The design is that ERP Agent in PeopleSoft Integrations is typically front ended by a CA SSO WebAgent (with SessionLinker installed) OR CA SSO Access Gateway (includes SessionLinker).
CA SSO WebAgent OR CA SSO Access Gateway can work with CA SSO Policy Server to integrate with CA Advanced Authentication. Once all Authentication flows are completed (including Advanced Authentication); the Web Server OR CA Access Gateway will proxy the request to Application Server where the ERP Agent would consume the incoming SMSESSION from the front-end and create a login context (using PeopleCode and ERP Agent libraries) for the User (from the SMSESSION) within the Application Server /PeopleSoft space.
Regards
Hubert