{"id":3280,"date":"2012-05-04T06:57:59","date_gmt":"2012-05-04T10:57:59","guid":{"rendered":"http:\/\/onlineappsdba.com\/?p=3280"},"modified":"2012-05-04T10:11:47","modified_gmt":"2012-05-04T14:11:47","slug":"how-to-pass-oam-obssocookie-in-oam-authorization-actions","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/","title":{"rendered":"How to read OAM ObSSOCookie through java script"},"content":{"rendered":"<p>We have a Shindig application protected by OAM 11g using an Apache 10g WebGate. Please refer to my <a href=\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-protect-apache-shindig-application-using-oracle-access-manager-11g\/\">previous post<\/a> on how to protect an Apache Shindig application using OAM 11g.<\/p>\n<p>It is very common to pass user attributes in authorization actions as headers or cookies. However, we have a requirement to get the ObSSOCookie that was created by OAM after authentication.<\/p>\n<p>Reading the OAM cookie has drawbacks and is not advisable &#8211; we will take up this topic in another post.<\/p>\n<p>We have written simple JavaScript logic to read the cookies from the headers, and all cookies except the OAM cookie can be read. So I have used the following solution to overcome this:<\/p>\n<ol>\n<li>Log in to the OAM console.<\/li>\n<li>Go to OAM Agents and click on the Form Based authentication scheme. 
We are using Form login.<\/li>\n<li>Specify the parameter ssoCookie=disablehttponly in Challenge Parameter as shown below.<a href=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3283\" src=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\" alt=\"\" width=\"545\" height=\"374\" srcset=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg 545w, https:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme-300x205.jpg 300w\" sizes=\"auto, (max-width: 545px) 100vw, 545px\" \/><\/a><\/li>\n<li>Apply the changes.<\/li>\n<\/ol>\n<p>By default, OAM 10g and 11g secure the OAM cookie in the authentication scheme &#8211; the parameter is set to ssoCookie=httponly by default. This means OAM does not allow JavaScript to read the OAM cookie, which is ideal in a secured environment. In a less secure environment, it is set to ssoCookie=disablehttponly, and any script running in the page can then read the session cookie.<\/p>\n<p>After this change we are able to read the OAM cookie from the headers using JavaScript.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have a shindig application protected by OAM 11g using an Apache 10g WebGate. 
Please refer my previous post on [&hellip;]<\/p>\n","protected":false},"author":115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[40],"tags":[367,355,368],"class_list":["post-3280","post","type-post","status-publish","format-standard","hentry","category-sso","tag-cookie","tag-oam-11g","tag-secure"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to read OAM ObSSOCookie through java script  -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta 
property=\"og:title\" content=\"How to read OAM ObSSOCookie through java script  -\" \/>\n<meta property=\"og:description\" content=\"We have a shindig application protected by OAM 11g using an Apache 10g WebGate. Please refer my previous post on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-05-04T10:57:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-05-04T14:11:47+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\" \/>\n<meta name=\"author\" content=\"Masroof Ahmad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Masroof Ahmad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/\",\"url\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/\",\"name\":\"How to read OAM ObSSOCookie through java script 
-\",\"isPartOf\":{\"@id\":\"https:\/\/onlineappsdba.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\",\"datePublished\":\"2012-05-04T10:57:59+00:00\",\"dateModified\":\"2012-05-04T14:11:47+00:00\",\"author\":{\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\"},\"breadcrumb\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage\",\"url\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\",\"contentUrl\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/onlineappsdba.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to read OAM ObSSOCookie through java script\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/onlineappsdba.com\/#website\",\"url\":\"https:\/\/onlineappsdba.com\/\",\"name\":\"\",\"description\":\"Oracle Implementation &amp; Training 
Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/onlineappsdba.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\",\"name\":\"Masroof Ahmad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"caption\":\"Masroof Ahmad\"},\"url\":\"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to read OAM ObSSOCookie through java script  -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/","og_locale":"en_US","og_type":"article","og_title":"How to read OAM ObSSOCookie through java script  -","og_description":"We have a shindig application protected by OAM 11g using an Apache 10g WebGate. 
Please refer my previous post on [&hellip;]","og_url":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/","article_published_time":"2012-05-04T10:57:59+00:00","article_modified_time":"2012-05-04T14:11:47+00:00","og_image":[{"url":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg","type":"","width":"","height":""}],"author":"Masroof Ahmad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Masroof Ahmad","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/","url":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/","name":"How to read OAM ObSSOCookie through java script -","isPartOf":{"@id":"https:\/\/onlineappsdba.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage"},"image":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage"},"thumbnailUrl":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg","datePublished":"2012-05-04T10:57:59+00:00","dateModified":"2012-05-04T14:11:47+00:00","author":{"@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb"},"breadcrumb":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/ho
w-to-pass-oam-obssocookie-in-oam-authorization-actions\/#primaryimage","url":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg","contentUrl":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2012\/05\/AuthScheme.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/onlineappsdba.com\/index.php\/2012\/05\/04\/how-to-pass-oam-obssocookie-in-oam-authorization-actions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onlineappsdba.com\/"},{"@type":"ListItem","position":2,"name":"How to read OAM ObSSOCookie through java script"}]},{"@type":"WebSite","@id":"https:\/\/onlineappsdba.com\/#website","url":"https:\/\/onlineappsdba.com\/","name":"","description":"Oracle Implementation &amp; Training Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onlineappsdba.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb","name":"Masroof Ahmad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","caption":"Masroof 
Ahmad"},"url":"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/"}]}},"_links":{"self":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/3280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/comments?post=3280"}],"version-history":[{"count":0,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/3280\/revisions"}],"wp:attachment":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/media?parent=3280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/categories?post=3280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/tags?post=3280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}