Unprotecting URIs without using OAM Anonymous authentication

I am pretty sure you might have had the requirement to unprotect certain URI context in an application URL using OAM. This is in regards to OAM 10.1.4.3. The usual procedure to unprotect an URI context is to define the resource in OAM Policy Domain. Create a separate policy for that URI and specify Anonymous authentication scheme and corresponding authorization policy.

Although traditional OAM authentication is not performed, the authentication check and authorization calls to OAM happens and thus performance will impact.

The simple alternative is to avoid calls to OAM Webgate within http directives. When a webgate is installed on Apache Web Server (say), then webgate configurations will be updated in httpd.conf file which includes LocationMatch element as shown below:

<LocationMatch “/*”>
AuthType Oblix
require valid-user
</LocationMatch>

The above line tells WebGate to intercept the calls with root URL “/”. To unprotect a specific URI context say “public” with URL of the format say http://app:port/public then we can define LocationMatch element as shown below.

<LocationMatch “!public”>
AuthType Oblix
require valid-user
</LocationMatch>

Restart the http server. Then access the URL and see that anonymous calls to OAM will not happen and it greatly improves performance.

You can play around this feature 🙂

If you want to learn more in Oracle Access Manager then register for our free Minicourse by clicking on below image.

OAM_img

Series Navigation<< Apache 11g WebGate for OAM 11gR2New OAMConsole in OAM 11gR2 PS2 : Enabling Federation, STS, Mobile & Social in Oracle Access Management Suite 11.1.2.2 >>

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
Sekhar says May 18, 2015

Hi Mahendra,

Can we apply this performance tip to even OAM11g?
Also do we have to add an additional entry i.e in addition to what we have i.e locatonMatch “/* if yes then how does the server know which one to pick?

Reply
suresh says June 3, 2016

Hi, Is there anything similar configuration for OAM 11g R2 PS3? Plz let me know. Thanks.

Reply
Add Your Reply

Not found