Form based authentication using Oracle Access Manager

Hi all,

Although form-based authentication is an out-of-the-box (OOTB) configuration in Oracle Access Manager, it is easy to stumble over the form authentication scheme and its parameters, the login page, the action URL and so on.

So, I would like to list the gotchas and key points to remember while configuring form-based authentication.

There are two use cases here:

1. Both the web application and the form login page reside on the same OHS server.

2. The web application resides on the OHS web server and the form login page resides on an Apache server.

Let's assume OHS is running on port 7777 and Apache on port 80.

In this article, I will explain case 1; a separate article explains case 2.

The configuration is easy when the login page resides on the same web server as the application. The important parameters of form-based authentication are:

Challenge Parameter:

form:/login.html
creds:userid password
action:/dummy.cgi
passthrough:no

Here, login.html should be available on the OHS server; test it with the URL http://OHS_Hostname:7777/login.html. If you are using OHS 11g, place login.html in WebTier_Home\instances\instance1\config\OHS\ohs_name\htdocs.
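A quick way to catch a login page that does not line up with the challenge parameters, as an added example that is not from the original article or from Oracle. It assumes the form must post the fields named in creds to the URL given in action; the sample login page, the helper names and the POST check are constructed for illustration.

```python
from html.parser import HTMLParser

# Challenge parameters exactly as listed in the article.
CHALLENGE = "form:/login.html\ncreds:userid password\naction:/dummy.cgi\npassthrough:no"

# Constructed sample login page (an assumption, not the article's file).
LOGIN_HTML = """<form method="POST" action="/dummy.cgi">
  <input type="text" name="userid">
  <input type="password" name="password">
</form>"""

def parse_challenge(text):
    """Split 'key:value' lines into a dict; creds becomes a list of names."""
    params = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        params[key.strip()] = value.strip()
    params["creds"] = params.get("creds", "").split()
    return params

class FormScan(HTMLParser):
    """Records the first <form>'s attributes and every named <input>."""
    def __init__(self):
        super().__init__()
        self.form, self.inputs = None, set()
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self.form is None:
            self.form = attrs
        elif tag == "input" and attrs.get("name"):
            self.inputs.add(attrs["name"])

def check_login_form(challenge_text, html):
    """Return the mismatches between the scheme and the login page."""
    params, scan = parse_challenge(challenge_text), FormScan()
    scan.feed(html)
    if scan.form is None:
        return ["no <form> element found"]
    problems = []
    if scan.form.get("action") != params.get("action"):
        problems.append("form action does not match the action parameter")
    problems += ["no <input> named %r" % f for f in params["creds"] if f not in scan.inputs]
    # Extra check, not from the article: GET would put credentials in URLs and logs.
    if (scan.form.get("method") or "get").lower() != "post":
        problems.append("form method is not POST")
    return problems

if __name__ == "__main__":
    print(check_login_form(CHALLENGE, LOGIN_HTML) or "login form matches the scheme")
```

An empty list means the page and the scheme agree; each string in the list names one mismatch to fix before testing the protected resource.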

You can also use Challenge Redirect to redirect users to a central location that stores all forms.

The action URL is a dummy URL, say dummy.cgi. This URL should be protected using the Anonymous Authentication scheme in OAM, as shown in the slides below.

Specify an authorization rule that allows all users.

Assign the Anonymous Authentication scheme.

Assign the Allow All authorization rule.

After this, add the application resource to be protected under Resources in a policy domain and assign the Form Login authentication scheme.

This completes the configuration. Now test form-based authentication by accessing a URL such as http://ohs_hostname:7777/form_example/test.jsp, as shown below.

Observe that login.html is served from the same OHS server (port 7777). Enter the credentials and click Login.


About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com
