Form based authentication using Oracle Access Manager

Hi all,

Though form-based authentication is an out-of-the-box (OOTB) configuration in Oracle Access Manager, we sometimes fumble with the form authentication scheme and its parameters, the login page, the action URL, etc.

So I would like to list the gotchas and key points to remember while configuring form-based authentication.

There are two use cases here:

1. Both the web application and the form login page reside on the same OHS server.

2. The web application resides on the OHS web server and the form login page resides on an Apache server.

Let's assume OHS is running on port 7777 and Apache on port 80.

In this article, I will explain case 1; the other article explains case 2.

The configuration is easy when the login page resides on the same web server as the application. The important parameters of form-based authentication are:

Challenge Parameter:

form:/login.html
creds:userid password
action:/dummy.cgi
passthrough:no

Here, login.html should be available on the OHS server; test it with the URL http://OHS_Hostname:7777/login.html. If you are using OHS 11g, place login.html in WebTier_Home\instances\instance1\config\OHS\ohs_name\htdocs.

You can also use Challenge Redirect to redirect users to a central location that stores all the forms.

The action URL is a dummy URL, say dummy.cgi. This URL should be protected using the Anonymous Authentication scheme in OAM, as shown in the slides below.

Specify an authorization rule to allow all users.

Assign the Anonymous Authentication scheme.

Assign the Allow All authorization rule.

After this, add the application resource to be protected under Resources in a policy domain and assign the Form Login authentication scheme.

This completes the configuration. Now test the form-based authentication by accessing a URL such as http://ohs_hostname:7777/form_example/test.jsp, as shown below.

Observe that login.html is served from the same OHS server (7777). Enter the credentials and click Login.
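The login page has to agree with the challenge parameter: the form submits to the action URL and its input names are the ones listed in creds. The following check is an added example, not code from the original article or from Oracle; the sample page is constructed, the function names are hypothetical, and the POST check is an extra hardening test rather than something the article states.

```python
from html.parser import HTMLParser

# Challenge parameter exactly as given in the article.
CHALLENGE = """form:/login.html
creds:userid password
action:/dummy.cgi
passthrough:no"""
# Constructed sample page for illustration; not the author's login.html.
SAMPLE_LOGIN_HTML = """<html><body><h2>User Login</h2>
<form method="post" action="/dummy.cgi">
  Username: <input type="text" name="userid">
  Password: <input type="password" name="password">
  <input type="submit" value="Login">
</form></body></html>"""

def parse_challenge(text):
    """Split 'key:value' lines into a dict; creds becomes a list of field names."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    params = {k.strip().lower(): v.strip() for k, v in pairs}
    params["creds"] = params.get("creds", "").split()
    return params

class FormCollector(HTMLParser):
    """Records the first <form>'s attributes and the named inputs inside it."""
    def __init__(self):
        super().__init__()
        self.form, self.inputs, self.inside = None, set(), False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.form is None:
            self.form, self.inside = a, True
        elif tag == "input" and self.inside and a.get("name"):
            self.inputs.add(a["name"])
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "form"

def check_login_form(html, challenge=CHALLENGE):
    """Return a list of mismatches between the page and the challenge parameter."""
    params, page = parse_challenge(challenge), FormCollector()
    page.feed(html)
    if page.form is None:
        return ["no <form> element found"]
    problems = []
    if page.form.get("action") != params.get("action"):
        problems.append(f"form action {page.form.get('action')!r} != {params.get('action')!r}")
    if (page.form.get("method") or "get").lower() != "post":
        problems.append("form method is not POST; credentials would travel in the URL")
    problems += [f"creds field {f!r} has no <input name=...> in the form"
                 for f in params["creds"] if f not in page.inputs]
    return problems
```

An empty list from check_login_form means the page and the scheme agree; each string in a non-empty list names one mismatch to fix before testing the protected URL.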


About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience on products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com


5 comments
cristianob says November 16, 2010

I have SharePoint installed on an IIS 6, just integrated with OAM by impersonation and WebGate on IIS.

On the same IIS I have another web site (TCP port 7000) with a login form for OAM. The problem is that when I click on submit, an error occurs for:
/access/oblix/apps/webgate/bin/webgate.dll

It does not find this resource, but controlling from Access Tester everyone can.
I think that this problem is due to the WebGate configuration with an impersonate user, because with an IIS without an impersonate user it works.
How can I solve it?

pavan says December 10, 2010

Hi man,
Could you send the code for this login page so that I can understand the challenge parameters very clearly?

Mahendra says December 10, 2010

Pavan,

You can refer to the HTML code below:

User Login

Username:
Password:

Lucky says July 28, 2011

Hi,
Could you provide sample HTML code for form authentication in OAM 11g? I am confused about receiving the “request_id” parameter in the HTML page.
Thanks,

Narendra says August 2, 2013

Hi Mahendra,

How can the same be implemented in OAM 11gR2?

Thanks,
Narendra
