The problem we're trying to solveWhenever an application URL is protected by an OAM Webgate, the Webgate will intercept any request to said URL in order to ensure that a valid OAM session exists. Should the Webgate determine that there is no valid session (for instance, in the case of a session time-out), then the user will be redirected for authentication prior to to URL being served. This process is seamless from the perspective of the application, in most cases, unless the request that necessitates re-authentication contains POST data. Consider the following example:
Imagine an incredibly simple web application, comprising a single JSP page containing an input form and a servlet to display the values submitted on the form. The screenshots below demonstrate the working of such an application:
As you can see, this really is about the simplest web app it's possible to imagine and I'm sure its construction doesn't need any further detailed discussion. Now imagine that we apply an OAM protection policy to the application and simulate a session timeout before the form can be submitted. (I have done this by destroying the session from the OAM Console). Note that the POST data entered on the form is not preserved during the authentication redirect, as shown below:
To clarify what the above diagram depicts, we simulate a session timeout before the "Submit" button on the form can be clicked. The user is thus prompted for re-authentication prior to the HTTP POST to the servlet but during this process, the POST data (i.e the form input values) are lost. This is clearly not ideal from a usability point of view and could potentially negatively impact application functioning as well - were it to happen in the middle of a multi-page transaction, for example.
How to preserve POST dataIt turns out that enabling POST data preservation in OAM 11gR2 PS1 can be a very simple exercise. While the documentation (which I strongly encourage reading) does go into a lot of detail regarding a number of different settings and options, the goal here was to do "the simplest thing that works", in order to make a sort of general purpose recommendation that can be refined further as needed.
As is shown above, the parameter