Thursday, May 31, 2012

Sample External Login.jsp page for Oracle Access Manager 11g

One of the more popular posts on our blog was a post I made a while back about how to configure OAM 11g to use an externally hosted custom login page and how to write such a login page.

When I originally wrote that post I included only snippets from a JSP page that represents an external OAM login form.

I have updated that post with a full sample login.jsp that functions as an external login form for OAM 11g.  The code is also included below.

To review, to work as an external login form the login page code must do the following:

• You need to post back to the OAM server to the URI: “/oam/server/auth_cred_submit”. Note that in my sample, I’m posting to a load balancer VIP over SSL which will route the post to one of the OAM servers in my cluster.

• You need to post variables “username” and “password”

• You need code that will grab the request_id off of the query string and post it (as a hidden form variable) as well.

The Code

    <%@ page contentType="text/html; charset=iso-8859-1" language="java" %>
    <%!
    // Minimal HTML/attribute encoding for values reflected from the query string.
    // Without it, ?error=<script>... or a crafted request_id is echoed into the page unencoded.
    private static String esc(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    %>
    <%
    // OAM passes an error message back on the query string after a failed login.
    // Compare with equals(): == on Java strings compares references, so the
    // original check never matched the literal string "null".
    String error = request.getParameter("error");
    if (error == null || "null".equals(error)) {
        error = "";
    }
    // OAM places request_id on the query string when it redirects here; it must be
    // posted back as a hidden field so the server can correlate the credential submission.
    String reqId = request.getParameter("request_id");
    if (reqId == null) {
        reqId = "";
    }
    %>
    <html>
    <head>
    <title>User Login JSP</title>
    <script>
    function trim(s)
    {
    return s.replace( /^\s*/, "" ).replace( /\s*$/, "" );
    }

    // Client-side check only; the form fields are named "username" and "password"
    // (the original referenced sUserName/sPwd, which do not exist, so validation never ran).
    function validate()
    {
    if(trim(document.frmLogin.username.value)=="")
    {
    alert("Login empty");
    document.frmLogin.username.focus();
    return false;
    }
    else if(trim(document.frmLogin.password.value)=="")
    {
    alert("password empty");
    document.frmLogin.password.focus();
    return false;
    }
    return true;
    }
    </script>
    </head>

    <body>
    <p>Acme Clinical Applications Login Screen - OAM edition</p>
    <p>
      &nbsp;
    </p>
    <div><%=esc(error)%></div>
    <%-- The form carries the user's credentials, so the post-back to the OAM VIP goes over SSL. --%>
    <form name="frmLogin" onSubmit="return validate();" action="https://authbootcamp.us.oracle.com/oam/server/auth_cred_submit" method="post">
      <p>
        User Name<input type="text" name="username"/><br/>Password &nbsp;<input type="password"
                                                                                 name="password"/>
        <input name="request_id" value="<%=esc(reqId)%>" type="hidden"/>  <br/>
      </p>
      <p>
        <input type="submit" name="sSubmit" value="Submit"/>
      </p>
    </form>
    </body>
    </html>
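The JSP above reflects two query-string values (error and request_id) straight into the page, and anyone can craft a link to an external login page, so the same three requirements are shown here in Python with the reflected values HTML-encoded. This is an added example written for this page, not code from the original post; the OAM_HOST value and the login-page URLs in it are assumptions, while the /oam/server/auth_cred_submit URI and the username, password and request_id field names are the ones the post requires.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Assumed load balancer VIP for the OAM cluster, reached over SSL as the post describes.
OAM_HOST = "https://oam.example.com"
# Post-back URI required by OAM 11g (from the post).
AUTH_CRED_SUBMIT = "/oam/server/auth_cred_submit"


def reflected_params(login_url):
    """Pull request_id and error off the query string OAM redirected the user to.

    Both values are attacker-influenceable, so they are returned raw here and
    encoded only at the point where they are written into HTML.
    """
    q = parse_qs(urlparse(login_url).query)
    request_id = q.get("request_id", [""])[0]
    error = q.get("error", [""])[0]
    if error == "null":  # the JSP treats the literal string "null" as "no error"
        error = ""
    return request_id, error


def render_login_form(login_url, escape=True):
    """Build the external login form that posts username, password and request_id back to OAM.

    escape=False reproduces the unencoded <%=error%> / <%=reqId%> output of the
    original JSP so the two can be compared; escape=True is the hardened form.
    html.escape() encodes < > & " and ', which covers both the text node (error)
    and the quoted attribute value (request_id).
    """
    request_id, error = reflected_params(login_url)
    enc = html.escape if escape else (lambda s: s)
    return (
        f"<div>{enc(error)}</div>\n"
        f'<form name="frmLogin" action="{OAM_HOST}{AUTH_CRED_SUBMIT}" method="post">\n'
        f'  User Name <input type="text" name="username"/><br/>\n'
        f'  Password <input type="password" name="password"/>\n'
        f'  <input type="hidden" name="request_id" value="{enc(request_id)}"/>\n'
        f'  <input type="submit" name="sSubmit" value="Submit"/>\n'
        f"</form>"
    )


def form_fields(rendered):
    """Return the set of input names the rendered form will post."""
    return set(re.findall(r'name="([^"]+)"', rendered))


if __name__ == "__main__":
    # Constructed sample: a normal redirect from OAM, then a crafted link that tries
    # to break out of the error <div> and the request_id attribute.
    normal = "https://login.example.com/login.jsp?request_id=123456&error=null"
    crafted = (
        "https://login.example.com/login.jsp?"
        "request_id=1%22%3E%3Cscript%3Ealert(1)%3C/script%3E"
        "&error=%3Cscript%3Ealert(1)%3C/script%3E"
    )
    print(render_login_form(normal))
    print("--- unencoded (original behaviour) ---")
    print(render_login_form(crafted, escape=False))
    print("--- encoded ---")
    print(render_login_form(crafted))
```

Running it prints the hardened form for a normal redirect, then the crafted link rendered both ways: the unencoded version contains a live script tag, the encoded one shows it as &lt;script&gt; text and keeps the request_id inside its attribute.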

Thursday, May 24, 2012

Deploying OAM 11g Correctly Part 2 – Logins and SSL

This is another post in our OAM 11g Academy series. To view the first post in the series which will be updated throughout to contain links to the entire series, click here: http://fusionsecurity.blogspot.com/2011/02/oracle-access-manager-11g-academy.html

A couple of months ago Chris wrote a good post about the best way to deploy OAM from a web server / network architecture point of view.

Today, I’d like to touch on a very important but overlooked aspect of OAM deployments which is whether or not to use SSL between the web server and OAM. The product documentation and broader OAM writings out there in the community do a good job of describing the webgate to OAM server communication (OAP) security modes of open vs. simple vs. cert mode. However, what is completely neglected is the discussion of whether or not to use SSL between the web server and OAM.

Wednesday, May 23, 2012

Domain Architecture and Middleware Homes Revisited


Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments.  You can find these posts here and here.
These posts have been very popular.  I’ve received lots of positive feedback on them but also a fair number of questions.  So, I thought that it would be worth revisiting the topic now.

Tuesday, May 1, 2012

Split profile setup with AD and OID for Fusion Apps IDM

I have discussed the split profile setup scenario for a Fusion Applications IDM environment with AD and OID, the process of creating the adapters needed in OVD to consolidate the two directory servers (AD and OID), and the configuration changes needed in OAM, OIM and WLS of the IDM environment in these two blog posts:

Part 1, Part 2

This process is relevant to FA Release RUP1. From release RUP2 some of these manual steps have been automated, which I will discuss in a future blog post.