This content has been marked as final. Show 9 replies
Verify if after your OAM Login you have next cookies:
OAMAuthnCookie if your configured Webgate is 11g
ObSSOCookie if your Webgate is 10g
I suggest you first try the default OAM Login that appears with a basic OAM configurations with WebCenter.
We had a similar problem and i'm going to ask how we solve it to help you (i don't remeber if was a cookies issue).
Here you have a Sample from Oracle of a Custom OAM Login Bean for WebCenter Spaces that redirects default Login to OAM Login: http://www.oracle.com/technetwork/middleware/webcenter/owcs-ps3-wcs-ext-samples-wp-308576.pdf (but isn't necessary, is only a programmatic sample).
Tomorrow i'll try to answer you :).
Thanks for all the replies.
I am working with another colleague who is configuring OAM and so have been testing different configurations.
We are using WebCenter 126.96.36.199 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.
Access to all applications URLs, including WebCenter are protected by OAM configuation and Webgate. users for now will use an ID/pwd to login. But later they can also use a certificate.
No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
In the WebCenter admin console we configured the OAM as a provider and added
- "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".
We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
When changed OAM to use Form based authentication the loggin worked but get anonymous in securityContext.
I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)
I will test with the:
The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?
Will provide more updates when we validate and tests the configurations.