Enable Unsolicited login in OAM


Unsolicited Login is a new feature available in OAM 11g Release 2 (11.1.2.x). With unsolicited login, you can post credentials directly from an application page to OAM to authenticate the user. To enable unsolicited login in OAM, you need to make the required configuration changes in oam-config.xml.

This post explains the steps to enable unsolicited login in OAM 11g R2.

Steps to Enable Unsolicited login in OAM

  1. Shut down the OAM Admin server and managed servers.
  2. Take a backup of the file oam-config.xml.

     PATH: OAM_DOMAIN_HOME/config/fmwconfig/oam-config.xml

     Eg: /u01/oracle/idm/domains/idm_domain/config/fmwconfig

  3. On the Admin server, navigate to /u01/oracle/idm/domains/idm_domain/config/fmwconfig
  4. Open oam-config.xml and search for the entry below:

     <Setting Name="Version" Type="xsd:integer">

  5. Increase the existing Version value by one:

     <Setting Name="Version" Type="xsd:integer">697</Setting>

  6. Search for the entry below in oam-config.xml:

     <Setting Name="DirectAuthenticationServiceDescriptor" Type="htf:map">

  7. Set the ServiceStatus under DirectAuthenticationServiceDescriptor to true:

     <Setting Name="DirectAuthenticationServiceDescriptor" Type="htf:map">
       <Setting Name="ServiceStatus" Type="xsd:boolean">True</Setting>
     </Setting>
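The two oam-config.xml edits described in the steps above, as an added example that is not part of the original post: a Python script that sets ServiceStatus and increments Version by text substitution, so the rest of the file stays byte-for-byte unchanged, and refuses to write when the expected settings are not found. It assumes the settings are written exactly as shown above; the function names, the `.bak` suffix and the sample document are constructed for illustration.

```python
import re
import shutil

VERSION_RE = re.compile(
    r'(<Setting Name="Version" Type="xsd:integer">)(\d+)(</Setting>)')
# ServiceStatus must appear inside the descriptor before any other htf:map opens,
# so a descriptor lacking the flag can never match a neighbour's ServiceStatus.
STATUS_RE = re.compile(
    r'<Setting Name="DirectAuthenticationServiceDescriptor" Type="htf:map">'
    r'(?:(?!Type="htf:map").)*?'
    r'<Setting Name="ServiceStatus" Type="xsd:boolean">(\w+)</Setting>', re.S)

def enable_unsolicited_login(xml_text):
    """Return (new_text, changed); the text is untouched if already enabled."""
    status = STATUS_RE.search(xml_text)
    if status is None:
        raise ValueError("ServiceStatus not found under DirectAuthenticationServiceDescriptor")
    if len(VERSION_RE.findall(xml_text)) != 1:
        raise ValueError("expected exactly one integer Version setting")
    if status.group(1).lower() == "true":
        return xml_text, False
    # Flip the flag first, then bump Version by one as the procedure requires.
    text = xml_text[:status.start(1)] + "True" + xml_text[status.end(1):]
    return VERSION_RE.sub(
        lambda m: f"{m.group(1)}{int(m.group(2)) + 1}{m.group(3)}", text, count=1), True

def apply_to_file(path):
    """Run with the OAM servers stopped; keeps a .bak copy beside the file."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated, changed = enable_unsolicited_login(original)
    if changed:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(updated)
    return changed

# Constructed sample, reduced to the two settings the procedure touches.
SAMPLE = """<Setting Name="SampleRoot" Type="htf:map">
  <Setting Name="Version" Type="xsd:integer">697</Setting>
  <Setting Name="DirectAuthenticationServiceDescriptor" Type="htf:map">
    <Setting Name="ServiceStatus" Type="xsd:boolean">false</Setting>
  </Setting>
</Setting>"""

if __name__ == "__main__":
    print(enable_unsolicited_login(SAMPLE)[0])
```
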

Once the steps to enable unsolicited login in OAM are executed, you can post the login information directly from the application page.

The OAM endpoint to post the credentials to is given below:

http://<OAM-HOST>:<OAM-PORT>/oam/server/authentication

Submit the username, password and success URL to the endpoint to perform the unsolicited login. After successful authentication, the user is redirected to the success URL. Make sure that the success URL is a protected resource in OAM. If OAM whitelist mode is enabled, add the host name of the success URL to the OAM whitelist if required; otherwise the OAM server will not redirect the user to the success URL. OAM whitelist mode and adding URLs to the OAM whitelist are explained here.

Sample Login page

<form id="PortalLogin" name="Portallogin" action="http://<OAM-HOST>:<OAM-PORT>/oam/server/authentication" method="post">
  <input id="username" type="text" name="username" />
  <input id="password" type="password" name="password" />
  <input id="successurl" type="text" name="successurl" value="http://<APPLICATION-HOSTNAME>:<PORT>/Homepage.html" />
  <input type="submit" value="submit" />
</form>

Authentication Flow for Unsolicited Login

Once you submit the form, OAM authenticates the user against the authentication policy defined for the resource /oamDirectAuthentication. This resource is available by default in the IAM Suite Agent application domain of OAM, and by default the authentication scheme associated with it is LDAP, pointing to the WebLogic embedded LDAP. If you want to authenticate against your LDAP servers, make the necessary changes in OAM for this.

 

Rollback Steps

To revert the changes, execute the steps below:

  1. Stop the OAM Admin and managed servers.
  2. Restore the oam-config.xml from the backup.

     PATH: OAM_DOMAIN_HOME/config/fmwconfig/oam-config.xml

     Eg: /u01/oracle/idm/domains/idm_domain/config/fmwconfig

  3. Restart the OAM Admin and Managed Servers.

 
