We have a Shindig application protected by OAM 11g using an Apache 10g WebGate. Please refer to my previous post on how to protect an Apache Shindig application using OAM 11g.
It is very common to pass user attributes in authorization actions as headers or cookies. However, we have a requirement to get the ObSSOCookie that was created by OAM after authentication.
There are downsides to reading the OAM cookie, and it is not advisable either; we will take up this topic in another post.
We wrote simple JavaScript logic to read the cookies from the headers, and all cookies except the OAM cookie were readable. So I used the following solution to overcome this:
By default, OAM 10g or 11g secures the OAM cookie in the authentication scheme: the value for the parameter is set to ssoCookie=httponly by default. This means OAM does not allow the OAM cookie to be read using JavaScript, which is ideal in a secured environment. In a less secure environment, it is set to ssoCookie=disablehttponly.
With that setting, we are able to read the OAM cookie from the headers using JavaScript.
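The effect of the two settings can be checked from the response headers. The following is an added example, not the script from this post or Oracle code: it models which cookies page script can see and reports whether ObSSOCookie is among them. The function names, the second cookie and all header values are constructed for illustration.

```javascript
// Added example. Header values are constructed samples, not captured OAM traffic.

// Parse one Set-Cookie header into its name, value and HttpOnly flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // malformed: no cookie name
  // Attribute names are case-insensitive (HttpOnly, httponly, HTTPONLY).
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1), // value may itself contain '=' padding
    httpOnly: flags.has("httponly"),
  };
}

// Names of the cookies that document.cookie would expose to page script:
// the browser withholds every cookie that was set with HttpOnly.
function scriptVisible(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c !== null && !c.httpOnly)
    .map((c) => c.name);
}

// Report whether the SSO cookie is present and whether script can read it.
function auditSsoCookie(setCookieHeaders, ssoName = "ObSSOCookie") {
  const cookie = setCookieHeaders
    .map(parseSetCookie)
    .find((c) => c !== null && c.name === ssoName);
  if (!cookie) return { found: false, scriptReadable: false };
  return { found: true, scriptReadable: !cookie.httpOnly };
}

// Constructed responses: scheme left at ssoCookie=httponly (the default) ...
const defaultScheme = [
  "ObSSOCookie=CONSTRUCTED_TOKEN==; path=/; HttpOnly",
  "portalTheme=dark; path=/",
];
// ... and scheme changed to ssoCookie=disablehttponly.
const relaxedScheme = [
  "ObSSOCookie=CONSTRUCTED_TOKEN==; path=/",
  "portalTheme=dark; path=/",
];

console.log(scriptVisible(defaultScheme), auditSsoCookie(defaultScheme));
console.log(scriptVisible(relaxedScheme), auditSsoCookie(relaxedScheme));
```

With ssoCookie=disablehttponly, any script that runs in the page, including injected script, can read the SSO session cookie, so a check like this is useful for confirming which applications are running with the relaxed setting.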
I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com