We have a Java Web Application running on Weblogic proxied by an OHS with a Webgate installed for SSO and Security. We'd like that Java Application to use the OAM SDK to access/modify session attributes. We can not use the username/password to start an SDK UserSession because users are federated (SAML) so we'd like to use the ssoToken associated to the current OAM session generated for the Webgate. It is not clear how to obtain the session. Can the session token or authn token be read from a cookie available to the app behind the webgate? What cookie to use for an 11g Webgate?
Documentation states:
http://docs.oracle.com/cd/E40329_01/dev.1112/e27134/as_api.htm
For an Access Client developed using the Access SDK, a SSO token is issued as a string type with no name. Use getSessionToken() on an existing UserSession object to return that session's token. If you have an existing token, it can be used to construct a user session object. The token is encrypted and opaque to a user, but internally, can be either in 10g or 11g format
Regards,
Venkat