Username based authentication using OAM 11g

I have worked on an OAM 11g requirement that needs authentication based on the username only. There is an OOTB (out-of-the-box) authentication scheme available in OAM 11g called LDAPNoPasswordValidationScheme. This authentication scheme uses the authentication module LDAPNoPasswordAuthModule, which in turn points to the embedded WebLogic identity store by default.

I have to perform all of this authentication using the OAM 11g API, so I created a dummy resource to test it. I pointed the LDAPNoPasswordAuthModule to the OVD identity store, as we are using OVD.

I used the code snippet below to test this, and it worked fine.

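import java.util.Hashtable;
import oracle.security.am.asdk.*;

// Resource protected by LDAPNoPasswordValidationScheme
ResourceRequest req = new ResourceRequest("http", "http://host:port/dummy", "GET");

// Only the user ID is supplied; there is no password entry
Hashtable<String, String> credentials = new Hashtable<>();
credentials.put("userid", "mahendra");

UserSession session = new UserSession(req, credentials);

String sessionToken = session.getSessionToken();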

The resource http://host:port/dummy is protected using LDAPNoPasswordValidationScheme, and thus the session token is created with just the username.
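
Because a session token obtained this way proves only that the username exists in the identity store, the caller should check the session status and refuse to reuse the session for resources protected by a stronger scheme. The following is an added example, not code from the original post: CONFIG_DIR and the second resource URL are hypothetical, and it assumes the administrator gave LDAPNoPasswordValidationScheme a lower authentication level than the password-based schemes.

```java
import java.util.Hashtable;
import oracle.security.am.asdk.AccessClient;
import oracle.security.am.asdk.AccessException;
import oracle.security.am.asdk.AuthenticationScheme;
import oracle.security.am.asdk.ResourceRequest;
import oracle.security.am.asdk.UserSession;

public class UsernameOnlyLogin {
    // Assumption: directory holding the ASDK client configuration (ObAccessClient.xml).
    private static final String CONFIG_DIR = "/path/to/asdk/config";
    // Resource from the post, protected by LDAPNoPasswordValidationScheme.
    private static final String LOW_VALUE_URL = "http://host:port/dummy";
    // Hypothetical second resource protected by a password-based scheme.
    private static final String SENSITIVE_URL = "http://host:port/sensitive";

    /** True only if the session's authentication level satisfies the resource's scheme. */
    static boolean levelSufficient(UserSession session, ResourceRequest target)
            throws AccessException {
        if (!target.isProtected()) {
            return true; // unprotected resource: no level to satisfy
        }
        return session.getLevel() >= new AuthenticationScheme(target).getLevel();
    }

    public static void main(String[] args) throws AccessException {
        AccessClient ac = AccessClient.createDefaultInstance(
                CONFIG_DIR, AccessClient.CompatibilityMode.OAM_11G);
        try {
            ResourceRequest dummy = new ResourceRequest("http", LOW_VALUE_URL, "GET");
            Hashtable<String, String> credentials = new Hashtable<>();
            credentials.put("userid", "mahendra"); // username only, no password
            UserSession session = new UserSession(dummy, credentials);

            // A token is only meaningful if the login actually succeeded.
            if (session.getStatus() != UserSession.LOGGEDIN) {
                System.out.println("Login failed; no usable session was created");
                return;
            }
            System.out.println("Session level: " + session.getLevel());

            // Refuse to reuse the passwordless session for a stronger resource.
            ResourceRequest sensitive = new ResourceRequest("http", SENSITIVE_URL, "GET");
            if (!levelSufficient(session, sensitive) || !session.isAuthorized(sensitive)) {
                System.out.println("Step-up authentication required for " + SENSITIVE_URL);
            }
        } finally {
            ac.shutdown(); // release Access Server connections
        }
    }
}
```

Running it requires the Access SDK jar on the classpath and a registered ASDK agent profile for the target OAM server.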


About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com


4 comments
Steve D. says June 26, 2012

Why would you ever want to protect a resource with just a username!? I don’t get the requirement for something like this?

How would you protect a resource with say, a username and some secret attribute (not related to secret questions and answers) that is stored in LDAP that only the user knows the answer to? Would you use just form-based auth?

Mahendra says June 27, 2012

Steve,

There was a requirement to protect a less secured resource (not anonymous authentication). So here we just want to verify if the username already exists in LDAP.

-Mahendra

Anurag says March 3, 2015

We might try the same for one of my clients. Can you please let us know where you put the code snippet and how you integrated it with OAM?

Thanks in advance.

Abdi says March 11, 2015

Another use case is if you want to have two access management solutions in place and one should just trust the other one. As an example, you have SiteMinder and OAM both in place. You can protect your OAM login page with a SiteMinder agent, which simply authenticates the user against LDAP and passes the user name to OAM, and this one creates an OAM session for the same user. So you have security tokens from SiteMinder and OAM at the same time while authenticating only against SiteMinder.

Abdi
