Skip to main content

OAM 11g Cookies

In OAM 11g 2 types of cookies are generated.

  1. OAM_ID (Server side)
  2. OAMAuthnCookie_<host_port>
OAMAuthnCookie is encrypted with the specific key for a particular webgate and can not work with any other webgate.


User requests the resource --> webgate intercepts the request and sends a request to OAM to check if resource is protected --> if protected credential collector sends a login page to collect the credentials -->if credentials are correct then OAM_ID cookie is generated at the server side --> OAM server generates the OAMAuthCookie_<host_port> and sends it to webgate 

Contents of the OAMAuthnCookie (ObSSOCookie for 10g webgate) are :

  • Authenticated User DN
  • Authentication Level
  • IP Address
  • SessionID (Reference to Server side session – OAM11g Only)
  • Session start and refresh time
  • Session InActivity Global and Max
  • Validation Hash
Labels:

Comments

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
5 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D
Post a Comment
Read more

Creating Role through OIM API - 11gR2

package com.oim.utilities; import java.util.HashMap; import oracle.iam.identity.rolemgmt.api.RoleManager; import oracle.iam.identity.rolemgmt.api.RoleManagerConstants; import oracle.iam.identity.rolemgmt.vo.Role; import oracle.iam.platform.OIMClient; public class RoleManagement  { static RoleManager roleManager=null; static OIMClient client=null; @SuppressWarnings("null") public static void createRole(String roleName){ System.out.println("RoleManagement :: createRole :: role name is "+roleName); try  { if (roleName!=null) { HashMap<String, Object> mapAttrs = new HashMap<String, Object>();; mapAttrs.put(RoleManagerConstants.ROLE_NAME, roleName); mapAttrs.put(RoleManagerConstants.ROLE_DISPLAY_NAME,roleName); mapAttrs.put(RoleManagerConstants.ROLE_DESCRIPTION, roleName); Role role = new Role(mapAttrs); // Initialising the OIM Connection client=ClientOIM.initialise(); System.out.println("RoleManagemen
1 comment
Read more