tag:blogger.com,1999:blog-1816408742331555186.post226774892949328215..comments2023-05-22T03:03:54.478-07:00Comments on Oracle Fusion Middleware Security: X509 Fallback to FormChris Johnson (Oracle)http://www.blogger.com/profile/13331466366556759355noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-1816408742331555186.post-36893659431212621032012-11-28T08:43:00.074-08:002012-11-28T08:43:00.074-08:00Kerberos fallback to forms is difficult if not imp...Kerberos fallback to forms is difficult if not impossible to reliable do because of a limitation of the HTTP and "Negotiate" authentication protocol and there is no simple way around it.<br /><br />Chris discussed a way to avoid the pop-up and still get WNA to work under OAM 10g with some customization of the login process some time ago in a blog post at:<br />http://fusionsecurity.blogspot.com/2010/06/oracle-access-manager-and-kerberos.html<br /><br />However, we've heard others report that newer versions of the JDK didn't work the same way so no guarantees that this will work.<br />Brian Eidelmanhttps://www.blogger.com/profile/00527044305949442012noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-53152248031493238532012-11-28T08:37:11.018-08:002012-11-28T08:37:11.018-08:00Hi,
I am looking to do something similar with the...Hi,<br /><br />I am looking to do something similar with the kerberos fallback.<br />We currently have oam configured with kerberos and this works fine.<br /><br />We however have to cater for users who are not in the kerberos domain and so wish to provide a form based fallback (mainly the /oam/pages/login.jsp) rather than the browser based BASIC authentication popup which we are currently shown.<br /><br />can we configure something of a similar nature for the kerberos authentication scheme?zafarhttps://www.blogger.com/profile/14257981803284471368noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-6842359117721005582012-11-16T11:52:05.730-08:002012-11-16T11:52:05.730-08:00Make sure that both the resources are protected by...Make sure that both the resources are protected by auth schemes of same authentication levels. You can also test it by accessing the redirect.jsp page first using FORM credentials (make sure you don't invoke sendRedirect when TARGET is missing and print something as per the sample code)and then access the welcome_source.html page. You can also test it reversely, that is, accessing the welcome_resource.html using a valid X509 and then access the redirect.jsp resource. That will verify your configuration.<br /><br />Another thing, depending on the browser sometimes you may need to URL-Encoding/Decoding properly. That means you may need to tweak the code where URL encoding and decoding is happening. <br /><br />Best of luck!Debasish Bhattacharyahttps://www.blogger.com/profile/18234081112638109617noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-13065419803010969972012-11-16T10:06:32.795-08:002012-11-16T10:06:32.795-08:00Debasish,
Please help on this multiple redirec...Debasish,<br /><br /> Please help on this multiple redirect loop<br /> I am successfully tested up to the step 3 and not forwarding to step 4 (It redirect to Redirect.jsp 5 times before i got the below error on the webpage).<br />original resource : welcome_source.html(protected with https://:14101/customcred/getcreds)<br />Redirect jsp : http://:7777/Redirect/Redirect.jsp(deployed on Admin server and proxies thru OHS, and protected with form AuthN)<br />mod_wl_ohs.conf<br /><br />SetHandler weblogic-handler<br />WebLogicHost .gsa.gov<br />WebLogicPort 7001<br />DebugConfigInfo ON<br /><br /><br /><br /> The webpage at https://:14101/customcred/getcreds?authn_try_count=0&contextType=external&challenge_url=https%3A%2F%2Fiamps9%3A14101%2Fcustomcred%2Fgetcreds&request_id=4649136659505797369&locale=en_US&resource_url=http%253A%252F%252F%253A7777%252Fwelcome_source.html has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.<br />5 times it iterated in Redirect.jsp<br />token****************tokenN:0<br />target****************targethttp%3A%2F%2Fiamps9%3A7777%2Fwelcome_source.html<br />decodedTarget****************decodedTargethttp://iamps9:7777/welcome_source.html<br />token****************tokenN:0<br />target****************targethttp%3A%2F%2Fiamps9%3A7777%2Fwelcome_source.html<br />decodedTarget****************decodedTargethttp://iamps9:7777/welcome_source.html<br />token****************tokenN:0<br />target****************targethttp%3A%2F%2Fiamps9%3A7777%2Fwelcome_source.html<br />decodedTarget****************decodedTargethttp://iamps9:7777/welcome_source.html<br />token****************tokenN:0<br />target****************targethttp%3A%2F%2Fiamps9%3A7777%2Fwelcome_source.html<br />decodedTarget****************decodedTargethttp://iamps9:7777/welcome_source.html<br />token****************tokenN:0<br />target****************targethttp%3A%2F%2Fiamps9%3A7777%2Fwelcome_source.html<br />decodedTarget****************decodedTargethttp://iamps9:7777/welcome_source.html<br /><br /><br />Thanks<br />HariAnonymoushttps://www.blogger.com/profile/05380997917234456452noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-26787410303630252372012-11-15T17:35:49.976-08:002012-11-15T17:35:49.976-08:00Thanks Debasish
Thanks Debasish <br /><br /> <br /><br />Anonymoushttps://www.blogger.com/profile/05380997917234456452noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-48313112676751409772012-11-15T11:01:17.335-08:002012-11-15T11:01:17.335-08:00Thanks for the question, I just updated the post. ...Thanks for the question, I just updated the post. The secondary resource can be the JSP page. Remember it can also be a HTML page with javascript and also may be a Servlet.Debasish Bhattacharyahttps://www.blogger.com/profile/18234081112638109617noreply@blogger.comtag:blogger.com,1999:blog-1816408742331555186.post-47484438140116434942012-11-14T17:53:54.208-08:002012-11-14T17:53:54.208-08:00Debasish ,
Excellent post on the PIV/Form Auth, Ca...Debasish ,<br />Excellent post on the PIV/Form Auth, Can you explain where exactly we need to put the code for JSP Code (Sample JSP for Redirection to Original Resource)<br /><br />Thanks<br />Hari <br /><br /><br /><br />Anonymoushttps://www.blogger.com/profile/05380997917234456452noreply@blogger.com