3 Replies Latest reply: Jul 24, 2012 11:54 PM by 937658

    OAM 11g SDK

    User248383
      I'm having some issues getting the OAM 11g SDK working. Below is the code that I'm using. For every step I'm getting successful messages back. The resource is protected, the authentication scheme is form and the code does create an OAM session for the user. If I log into the OAM Admin console, I can see the session for the user in the Session Management page. Using ieHTTPHeaders, I can see the ObSSOCookie get created (Set Cookie), but when I'm redirected to an OAM protected site I'm asked to log in. Is there something else that I'm missing? The OAM documentation states that the getSessionId() command returns back an encrypted value of the token which I'm setting to ObSSOCookie value. I have also verified that IPValidation is turned off. Anyone have any ideas?


      ac = AccessClient.createInstance(
              configPath.substring(5, configPath.length()),
              "",
              AccessClient.CompatibilityMode.OAM_10G);

      ResourceRequest rrq = new ResourceRequest(ac, protocol, resource, method);

      if (rrq.isProtected()) {
          System.out.println("Resource is protected.");

          AuthenticationScheme authnScheme = new AuthenticationScheme(ac, rrq);

          if (authnScheme.isForm()) {
              System.out.println("Form Authentication Scheme.");
              Hashtable creds = new Hashtable();

              username = request.getParameter("username");
              pwd = request.getParameter("password");

              ipAddress = request.getRemoteAddr();

              creds.put("userid", username);
              creds.put("password", pwd);
              creds.put("ip", ipAddress);
              creds.put("operation", method);
              creds.put("resource", resource);
              creds.put("targethost", requestedPage);

              UserSession user = new UserSession(ac, rrq, creds);

              if (user.getStatus() == UserSession.LOGGEDIN) {

                  user.setLocation(ipAddress);

                  if (user.isAuthorized(rrq)) {
                      System.out.println("User is logged in and authorized for the "
                              + "request at level " + user.getLevel());

                      HttpSession session = request.getSession(true);

                      // Set OAM 10g cookie
                      token = user.getSessionToken();

                      // URL-encode the token before using it as the cookie value
                      String cookieenc = URLEncoder.encode(token, "UTF-8");

                      // Debug output: prints the encoded session token
                      System.out.println("Cookie value: " + cookieenc);

                      Cookie userCookie = new Cookie("ObSSOCookie", cookieenc);
                      userCookie.setPath(path);

                      // Add ObSSOCookie to user's browser
                      response.addCookie(userCookie);

                      Cookie formCookie = new Cookie("ObFormLoginCookie", "done");
                      formCookie.setPath(path);
                      response.addCookie(formCookie);

                      // Redirect user to login process form
                      response.sendRedirect(requestedPage);
                  }
              }
          }
      }


      One thing to note: when I log into the OAM console I don't see a Client IP Address for the user's session, even though I pass an IP address and I use the setLocation() method. I don't have IPValidation turned on, but I'm not sure if a null Client IP Address value would cause issues. Also, the authentication level is set to 2 for all of the resources, so I don't believe that is causing any issues either.

      Edited by: 801072 on Jul 23, 2012 1:27 PM
        • 1. Re: OAM 11g SDK
          937658
          Hi, try below points:

          1. Do not encode the session token value.
          2. Set the cookie path as "/".
          3. Set httponly for the cookie.
          • 2. Re: OAM 11g SDK
            User248383
            Alan,

            Thanks for the response. I haven't had any luck with trying those suggestions:

            1.) Originally I didn't encode the value, but when I set the cookie I see the following in the Set Cookie command: ObSSOCookie="somevalue". With the encoding I see the following: ObSSOCookie=somevalue. So without the encoding to UTF-8 there are quotes around the value. Is there another way to remove the quotes without encoding? (Doing a simple removal of quotes using string methods doesn't work.)

            2.) The cookie path is set to "/" currently.

            3.) This somewhat helped. Initially I see the ObSSOCookie set, and then after the redirection it gets set to loggedoutcontinued. With httponly set, the ObSSOCookie value is kept intact. Unfortunately it still redirects me to the login page, which I'm assuming means the value is incorrect or doesn't link properly to the session in OAM.

            Any other suggestions? Has anyone actually gotten the OAM 11g SDK working?
            • 3. Re: OAM 11g SDK
              937658
              I'm using the OAM SDK, but I use C#, so the SDK version is 10g.

              My code for your reference; it works well. (C# lang)
              -----
              HttpRequest request = HttpContext.Current.Request;
              HttpResponse response = HttpContext.Current.Response;

              try
              {
                  ObResourceRequestMgd requestResource = new ObResourceRequestMgd("HTTP", "//" + oamConfig.HostIdentifier + request.Url.PathAndQuery, request.HttpMethod);

                  ObDictionary credentials = new ObDictionary();
                  credentials.Add("userid", username);
                  credentials.Add("password", password);

                  ObUserSessionMgd userSession = new ObUserSessionMgd(requestResource, credentials);

                  if (userSession.Status.IsLoggedIn && userSession.IsAuthorized(requestResource))
                  {
                      // Session token is used as-is (no URL-encoding) for the cookie value
                      HttpCookie cookie = new HttpCookie("ObSSOCookie", userSession.SessionToken);
                      cookie.HttpOnly = true;
                      // Mark the cookie Secure only when the request arrived over HTTPS
                      cookie.Secure = "HTTPS".Equals(request.Url.Scheme, StringComparison.OrdinalIgnoreCase);
                      response.SetCookie(cookie);
                      ...
                  }
              }
              catch (ObAccessExceptionMgd accessExp)
              {
                  _log.Error(accessExp.Message, accessExp);
                  throw new AuthenticationException(accessExp.Message, accessExp);
              }
              catch (Exception exp)
              {
                  _log.Error(exp.Message, exp);
                  throw;
              }
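
Added example (not code from any poster in this thread or from Oracle): one way to combine the three suggestions from reply 1 (raw token, path "/", HttpOnly) while avoiding the quoted value described in reply 2 is to build the Set-Cookie header value yourself and send it with addHeader instead of going through the Cookie class. The class name, the sample token and the choice to validate against the RFC 6265 cookie-octet set are assumptions, and nothing in the thread confirms that this resolves the redirect to the login page.

```java
import java.util.regex.Pattern;

/** Builds a Set-Cookie header value for an SSO token without URL-encoding or quoting it. */
public class SsoCookieHeader {

    // RFC 6265 cookie-octet: printable US-ASCII except space, double quote,
    // comma, semicolon and backslash. '/', '+' and '=' are all allowed.
    private static final Pattern COOKIE_OCTETS =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]+");

    static String build(String name, String token, boolean secure) {
        // Reject CR/LF (header injection), ';' (attribute injection),
        // quotes and spaces instead of silently rewriting the token.
        if (token == null || !COOKIE_OCTETS.matcher(token).matches()) {
            throw new IllegalArgumentException(
                    "token contains characters not valid in a cookie value");
        }
        StringBuilder sb = new StringBuilder(name)
                .append('=').append(token)
                .append("; Path=/; HttpOnly");
        if (secure) {
            sb.append("; Secure"); // only send the cookie over HTTPS
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample token (not a real OAM token): base64-like text
        // containing '/', '+' and '='.
        String token = "AbC/dEf+123xyz==";
        System.out.println("Set-Cookie: " + build("ObSSOCookie", token, true));

        // Constructed malformed value: must be rejected, not emitted.
        try {
            build("ObSSOCookie", "x\r\nSet-Cookie: other=1", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // In a servlet the value would be sent with:
        //   response.addHeader("Set-Cookie",
        //       build("ObSSOCookie", token, request.isSecure()));
    }
}
```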