Please refer to the post for more details on why we need to fetch the userid attribute value from a cookie instead of a header variable.
Most integrations with Oracle Access Manager expect the user ID to be passed to the target application to identify the authenticated user.
The code below can be used in a JSP page to fetch the cookie that holds the userid.
<%
    // Name of the cookie that carries the user id
    String cookieName = "HTTP_REMOTE_UID";
    String userid = null;
    // getCookies() returns null when the request carries no cookies
    Cookie[] cookies = request.getCookies();
    if (cookies != null)
    {
        for (int i = 0; i < cookies.length; i++)
        {
            if (cookies[i].getName().equals(cookieName))
            {
                userid = cookies[i].getValue();
            }
        }
    }
%>
User Logged into application <%= userid %>
I have used JSP in this case; it could equally be a servlet, ASP, etc.
Be cautious when justifying this solution to the customer, because this approach has a security loophole.
The cookie that OAM sends to the user's browser is plain text and not encrypted. Anyone with good knowledge of tweaking the code could easily intervene and take user information that is highly confidential. In our case we have retrieved only the userid, but it could be other attributes such as mobile number, SSN, etc.
Hence, please use this approach with more circumspection.
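One way to reduce the risk described above, as an added example that is not part of the original post and is not OAM functionality: a cookie held by the browser can be edited as well as read, so the application accepts the userid only when it carries a valid HMAC tag. The class name, the `userid.tag` cookie format and the shared key are assumptions, and a component you control would have to issue the cookie in that format. Signing makes tampering detectable but does not hide the value, so confidential attributes still do not belong in the cookie.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example (hypothetical class, not from the original post).
// Assumed cookie value: userid + "." + base64url(HMAC-SHA256(key, userid))
public class SignedUidCookie {
    private final SecretKeySpec key;

    public SignedUidCookie(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    private byte[] tag(String userid) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(userid.getBytes(StandardCharsets.UTF_8));
    }

    // Issuing side: build the cookie value for an authenticated user.
    public String issue(String userid) throws Exception {
        return userid + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag(userid));
    }

    // Consuming side: returns the userid, or null if the value is missing, malformed or altered.
    public String verify(String cookieValue) throws Exception {
        int dot = (cookieValue == null) ? -1 : cookieValue.lastIndexOf('.');
        if (dot <= 0) return null;
        String userid = cookieValue.substring(0, dot);
        // Allow-list the characters so the value is also safe to print with <%= userid %>.
        if (!userid.matches("[A-Za-z0-9._@-]{1,64}")) return null;
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(cookieValue.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null; // tag is not valid base64url
        }
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(tag(userid), presented) ? userid : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and user ids; load a real key from protected configuration.
        SignedUidCookie c = new SignedUidCookie("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String value = c.issue("jdoe");
        System.out.println("untouched cookie -> " + c.verify(value));
        System.out.println("edited cookie    -> " + c.verify(value.replaceFirst("jdoe", "admin")));
    }
}
```

In the JSP above, the value returned by `getValue()` would be passed through `verify()` before it is treated as the logged-in user.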
I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com