4 Replies Latest reply: May 10, 2013 2:40 AM by ColinPurdon-Oracle RSS

    How to suppress URL information for an OAM custom log in page

    dnpjones
      I am currently running an 11.1.1.5 release of the Oracle Identity Manager suite (OAM, webgate, OIM, SOA via OVD/OID all on weblogic servers) that uses a custom FORM page to sign in users. The custom log in page works functionally perfectly fine including going through all the webgate and oam redirects that it should to authorize users. However our security team has asked that we suppress some of the URL information as too much is being displayed...

      I.e. when you hit the page you get...
      https://company.org/loginpage/login.jsp?authn_try_count=0&contextType=external&username=string&contextValue=%2Foam&challenge_url=https%3A%2F%2Fcompany.org%2Fccris%2Flogin%2Flogin.jsp&password=sercure_string&request_id=6341160467394292662&OAM_REQ=&locale=en_US&resource_url=http%253A%252F%252Fcompany.org%252Fccr%252Fapp%252Flogin

      We would like to at most have only...
      https://company.org/loginpage/login.jsp?request_id=6341160467394292662

      Is there an OAM option to do this URL suppression? Or do I have to look outside oracle standard options to solve this?

      -Dan