Unprotecting URIs without using OAM Anonymous authentication

I am pretty sure you might have had the requirement to unprotect certain URI context in an application URL using OAM. This is in regards to OAM 10.1.4.3. The usual procedure to unprotect an URI context is to define the resource in OAM Policy Domain. Create a separate policy for that URI and specify Anonymous authentication scheme and corresponding authorization policy.

Although traditional OAM authentication is not performed, the authentication check and authorization calls to OAM happens and thus performance will impact.

The simple alternative is to avoid calls to OAM Webgate within http directives. When a webgate is installed on Apache Web Server (say), then webgate configurations will be updated in httpd.conf file which includes LocationMatch element as shown below:

<LocationMatch “/*”>
AuthType Oblix
require valid-user
</LocationMatch>

The above line tells WebGate to intercept the calls with root URL “/”. To unprotect a specific URI context say “public” with URL of the format say http://app:port/public then we can define LocationMatch element as shown below.

<LocationMatch “!public”>
AuthType Oblix
require valid-user
</LocationMatch>

Restart the http server. Then access the URL and see that anonymous calls to OAM will not happen and it greatly improves performance.

You can play around this feature 🙂

If you want to learn more in Oracle Access Manager then register for our free Minicourse by clicking on below image.

OAM_img

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
Add Your Reply