How to set and get session attributes in OAM 11g

Session & session attributes are newly introduced in OAM 11g. OAM 11g maintains a session at server side the sessionIds are managed by Session Management Engine SME. How to retrieve session IDs from OAM server are explained in post. So this post will give a sample code snippet to set and retrieve session attributes from session.

OAM session ID is around 20 characters and will be of the format d331ab34-2e17-4c5c-8ba1-a7cdf695150c. Session IDs can also be seen in OAM database schema by using sql command select * from oam_session;

The above sql command output will have results similar as shown below.

SESSIONID
——————————————————————————–
USERID
——————————————————————————–
IDENTITY_DOMAIN
——————————————————————————–
SESSION_INDEX
——————————————————————————–
CREATE_TIME
—————————————————————————
LAST_ACCESS_TIME
—————————————————————————
LAST_UPDATE_TIME
—————————————————————————
EXPIRY_TIME
4c2cdff7-0cbf-4723-aaab-489c06366d96
LN-Admin
NewOVDStore
-3226491390739477568
04-MAY-12 03.28.39.124000 AM
04-MAY-12 03.28.39.124000 AM
04-MAY-12 03.28.41.536000 AM
04-MAY-12 11.28.39.124000 AM

So it is merely easy to identify the session ID associated with which user IDs. The same behavior can also be seen in OAM console in Session Management section.

So the below snippet can be used to set and retrieve the session attributes from session.

Hashtable credentials = new Hashtable ();
credentials.put(“userid”, user_login);
credentials.put(“password”, user_passwd);
try{
AccessClient ac=null;
ResourceRequest req ;
ac = AccessClient.createDefaultInstance(Location,AccessClient.CompatibilityMode.OAM_10G);
req = new ResourceRequest(protocol, resource,method_way);
System.out.println(“Location–>”+Location);
UserSession session = new UserSession(req,credentials);
String sessionToken=session.getSessionToken();
System.out.println(sessionToken);
Set set=session.getSessionIds(user_login);

Iterator it = set.iterator();

String sessionID = “”;

while (it.hasNext()){

sessionID = it.next();

}
System.out.println(“Sessionattr—>”+set);

Hashtable sessionAttributes= new Hashtable ();
sessionAttributes.put(“userid”, “mahendra”);
sessionAttributes.put(“mobile”, “999123412”);

sessionAttributes.put(“email”, “mahendra@abcd.com”);

UserSession.setSessionAttributes(sessionID, sessionAttributes);

Hashtable sessionAttrs = UserSession.getSessionAttributes(sessionID);

System.out.println(“userid from session Attributes ===>”+sessionAttrs.get(“userid”));
System.out.println(“mobile from session Attributes ===>”+sessionAttrs.get(“mobile”));
System.out.println(“email from session Attributes ===>”+sessionAttrs.get(“email”));

}catch(Exception e){}

In OAM 11g user can have multiple sessions and based on this, the attributes can be retrieved in a loop.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

12 comments
JPaauw says May 9, 2012

I believe there is a bug in this code snippet. You are setting sessionId to the value of getSessionToken, which is actually the token, and not the ID, and, therefore, it can not be used to setSessionAttributes. Is there a way to get the session ID from the session token? I do not see any way possible in the OAM SDK short of getting the

Reply
Mahendra says May 10, 2012

Hello,

Yes – that’s right. The code snippet gets the sessionId from session.getSessionToken() and I have copied the code from testing code from multiple methods. THere is no way to get session ID from sessionToken. SessionID is purely OAM server side value.

In the code snippet, from the session.getSessionIds which is returning Set has to be iterated to get Session ID which is updated in the above code now.

Reply
imran says May 18, 2012

hi,
I got error message when trying to login into OAM admin console after fresh install. Any suggestions please.

Reply
Ignited Mind says February 28, 2013

Hi Experts,

I have understood that IAM will have obssocookie (10gwebgate), OAM_RMOETE_HEADER (OAM-identity assertor), any thing like session as well ?

Question is
Where is a mapping of enterprise Application session and OAM session ? in other words where we do configuration/assignment of session?

Assumption : Enterprise application is deployed on one weblogic. (application like ADF,WCP,EJB)
IAM is on another weblogic.

Help appreciated

Reply
Ignited Mind says February 28, 2013

Hi Mahendra,

I have understood that IAM will have obssocookie (10gwebgate), OAM_RMOETE_HEADER (OAM-identity assertor), any thing like session as well ?

Question is
Where is a mapping of enterprise Application session and OAM session ? in other words where we do configuration/assignment of session?

Assumption : Enterprise application is deployed on one weblogic. (application like ADF,WCP,EJB)
IAM is on another weblogic.

Help appreciated

Reply
Mahendra says March 1, 2013

Ignited Mind,

When OAM is integrated with application deployed in WebLogic Server, the session settings in the application should be disabled/commented. One should leave session management to OAM to handle.

Hope this helps.

-Mahendra

Reply
venkat28 says January 3, 2014

Hello Mahendra,

Can I define session attributes via authorization policy responses under application domain for a OAM 10G Webgate and retrieve the attributes using getSessionAttributes method.

Thanks
Venkat

Reply
Eslam Hassan says May 10, 2014

Hi Mahendra,

How to collect the user attributes in the session hashtable at runtime?

Reply
swaroop says September 18, 2014

In access client, after user authenticates, can we get his all identity store attributes ?
Which api do we use in above case?

Reply
venkat28 says June 17, 2015

Swaroop,
You can use getSessionAttributes method.
https://docs.oracle.com/cd/E28280_01/apirefs.1111/e22472/toc.htm

For this you need to set response as “session” under the authorization policies in application domain.

Also, make sure the identity store you are using is pointed as default identity store.

cheers,
Venkat

Reply
ramest says October 30, 2015

thanks a lot for this post.

Using SDK from a local machine I can connect to OAM and initialize AccessClient as well as successfully authenticate.

However, despite using weblogic user which has administrative privileged, I am not able to invoke any of the session or attributes related to command.
for example
when i try to use Set set=session.getSessionIds(user_login);or
set=UserSessions.getSessionIds(user_login)
I get the following message on RED in my eclipse console
SEVERE:Operations not permitted on this server
Access Exception: OAMAGENT-02005

Could you please advise.

ramesh

Reply
ramest says October 30, 2015

This one is resolved. This was already answered in other post. Basically, you need to set
“Allow Management Operations” in OAM Agent configuration.

thanks,

Reply
Add Your Reply