Tuesday, October 14, 2014
Since OAM 10g days, keeping track of Protected Resource that user wanted to access throughout custom authentication process has been a challenge. In OAM 10g, it was possible to create custom OBFormLoginCookie to overcome that challenge. With the introduction of Encrypted OAM_REQ cookie in OAM 11g, it is not feasible. That makes it difficult to do post Authentication operations or any customizations in Authentication process.
OAM 11gR2 introduced a feature where you can redirect user to a URL post successful Authentication (On Authentication success event in Authentication policy as defined in the screen shot below). OAM while doing that redirect, adds end_url query parameter to URL with the value of protected resource that user tried to access. You can do any post Authentication processing required on Authentication success URL and then redirect user to end_url.
One of the use cases of the feature is, when you do OAM-OAAM integration, you can invoke OAAM post Authentication rules before redirecting user to protected resource the user was trying to access. Here is the Architecture diagram for the use case described above.
Note: Architecture diagram below is representative diagram for the use case and does not represent Oracle recommended Architecture for OAM deployment.