3 Replies Latest reply on Oct 29, 2013 2:33 PM by securityUser-Oracle

    external form authentication scheme with OAM 11gR2

    securityUser-Oracle

      Hi

      I configured my own login page for a form-based authN scheme.

      I set the fields below in the authN scheme:

       

      --------------------------------------------------------------------------------------------------------------------------------

      Challenge Method: Form

      Challenge Redirect URL:  /oam/server

      Challenge URL: http://loginpage_host:loginpage_port/app_pages/login.jsp

      Context Type: External

      --------------------------------------------------------------------------------------------------------------------------------

       

       

      My Login Page jsp:

      --------------------------------------------------------------------------------------------------------------------------------

       

      <%@ page contentType="text/html; charset=iso-8859-1" language="java" %>
      <%
          // Optional error message passed back to the login page
          String error = request.getParameter("error");
          if (error == null || "null".equals(error)) {
              error = "";
          }

          // Request identifier received on the login request; posted back with the credentials
          String paramName = "request_id";
          String reqId = request.getParameter(paramName);
      %>
      <%-- error and request_id are written into the page as received (no HTML escaping) --%>
      <html>
      <head>
      <title>User Login JSP</title>
      </head>
      <body>
      <p>External Login Screen</p>
      <p>

      </p>
      <div><%=error%></div>
      <form name="frmLogin" action="http://oam_host:oam_port/oam/server/auth_cred_submit" method="post">
        <p>
          User Name <input type="text" name="username"/>
          Password <input type="password" name="password"/>
          <input name="request_id" value="<%=reqId%>" type="hidden">
        </p>
        <p>
          <input type="submit" name="sSubmit" value="Submit"/>
        </p>
      </form>
      </body>
      </html>

       

      It worked fine earlier.

       

      But today, suddenly, when I accessed the page, it started giving me the error:

      oam_server4-diagnostic-21.log:[2013-09-12T03:50:08.921-06:00] [oam_server4] [WARNING] [OAM-02074] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-66f2a9eb:141117ad9a7:-8000-000000000000005e,0] [APP: oam_server#11.1.2.0.0] Error while checking if the resource null is protected or not.

       

      And when I access the protected page, it shows the login page correctly, but when I submit credentials, the URL gets stuck at http://oam_host:oam_port/oam/server/auth_cred_submit and displays an error on the page.

       

      Any pointers?

       

      Thanks

        • 1. Re: external form authentication scheme with OAM 11gR2
          ColinPurdon-Oracle

          Hi idmuser,

           

          If you are running multiple OAM managed servers (and you do have one called oam_server4) then it could be that the authentication flow is being split across managed servers, and the request information is not being maintained. Please see Doc ID 1281026.1 for a discussion about the server request cache type setting and custom login forms. If this is the cause of the problems you are seeing, you should probably use "FORM" for the cache type. If this is not the cause of the problem, maybe an HTTP header trace will give some pointers.

           

          Regards,

          Colin

          • 2. Re: external form authentication scheme with OAM 11gR2
            securityUser-Oracle

            Thanks Colin

            The issue was that we recently changed the cache type from cookie to form to support long URLs. That created the problem, as we had to return OAM_REQ in the POST method.

             

            Thanks
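The change described in this reply, as an added example (not code from the original post or from Oracle): a version of the login JSP that posts `OAM_REQ` back to `auth_cred_submit` alongside `request_id`, and HTML-escapes every request parameter before writing it into the page. It assumes OAM hands `OAM_REQ` to the login page as a request parameter when the cache type is FORM; `esc` is a helper defined here, and the host names are the placeholders from the post.

```jsp
<%@ page contentType="text/html; charset=iso-8859-1" language="java" %>
<%!
    // Helper defined for this example: HTML-escape a value for element or attribute context.
    private static String esc(String s) {
        if (s == null || "null".equals(s)) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    // Values handed to the login page. OAM_REQ arriving as a request parameter
    // is an assumption of this example (cache type FORM).
    String error  = esc(request.getParameter("error"));
    String reqId  = esc(request.getParameter("request_id"));
    String oamReq = esc(request.getParameter("OAM_REQ"));
%>
<html>
<head><title>User Login JSP</title></head>
<body>
<p>External Login Screen</p>
<div><%= error %></div>
<form name="frmLogin" method="post"
      action="http://oam_host:oam_port/oam/server/auth_cred_submit">
  <p>
    User Name <input type="text" name="username"/>
    Password <input type="password" name="password"/>
    <%-- Opaque request context: the browser decodes the escaped value, so it is posted back unchanged --%>
    <input type="hidden" name="request_id" value="<%= reqId %>"/>
    <input type="hidden" name="OAM_REQ" value="<%= oamReq %>"/>
  </p>
  <p><input type="submit" name="sSubmit" value="Submit"/></p>
</form>
</body>
</html>
```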

            • 3. Re: external form authentication scheme with OAM 11gR2
              securityUser-Oracle

              Colin,

              One more question pertaining to this:

              Earlier I was not using any valid host:port combinations in the host identifier. It was a generic string equal to the name of the host identifier.

              But now, after changing the server cache to form and modifying the login form to return OAM_REQ, I have to put valid combinations in the host identifier. Without that it showed a Bad Access Manager error, and in the logs:

               

              [2013-10-29T08:27:41.002-06:00] [oam_server2] [WARNING] [OAM-02073] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error while checking if the resource is protected or not.

              [2013-10-29T08:27:41.003-06:00] [oam_server2] [ERROR] [OAM-04029] [oracle.oam.proxy.oam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error in generating AMEvent. Details Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false

               

               

               

              Could you please explain the behaviour?

               

              Thanks in advance.