Bookmarking a login form in OAM

Similar Messages

• OAM 10g - access to resource is not authorized, but no login form displayed

  Hi,
  Here's another one. Let's say I access some (protected) page which redirected me to login form page. Login form page immediately creates a obssocooke (for user obanonymous). Instead of logging in, I just change URL to my protected application (I actually did it because I changed my mind and not while purposely testing).
  I am getting "not authorized" error, instead of being redirected to login page. This is very confusing and bad user experience. The obssocookie appears to point to a valid session (I checked status in my app for user session and it appears to be ObUserSession.LOGGEDIN) but obviously the user anonymous is not authorized.
  So the question is - Is there any way OAM would not create a valid session cookie for anonymous user when I just load login form page? How do you guys solve this issue? Should I somehow use auth level?
  Thanks,
  Alex

  Hi Sagar,
  What you've described is exactly my intention. I want only users with auth level > 0 to access the protected application. Plus for the resource I define my form based login as default authentication scheme (which has level=1). I think that the issue is that I protect the application with my own access gate (not a web gate). And there I have the following logic:
  if(sso cookie is present and status of the session = "logged in") then validate whether user has access to the requested resource. So in my case the sso cookie is found, and belongs to anonymous user, session state = logged in, and I fail at authorization check. I think I need to implement some kind of auth level check, or compare actual user's auth scheme with the one required for the resource, right?
  Thanks,
  Alex

• OAM In Custom Login Form: Is there a way to get the user that was blocked?

  Hi
  I'm creating a custom login form and I need to capture which user was blocked if I get an OAM-5 error code. There is no parameter that specifies which user was filled and I can't capture it before because the login page post directly to the OAM Server.

  Hi
  I'm creating a custom login form and I need to capture which user was blocked if I get an OAM-5 error code. There is no parameter that specifies which user was filled and I can't capture it before because the login page post directly to the OAM Server.

• Capturing obformlogincookie in login form

  We are using OAM/webgate 10.1.14.3. We have the following requirement:
  Customer wants the query string from the originating URL to be displayed on the login form.
  Please let me know if you have any idea on how can this be done.
  Thanks.

  Hi Vinay,
  The key will be to read the ObFormLoginCookie - the query string should be in there as part of the "rq" parameter. Once you can get at that, use javascript or rewrite rules to achieve the rest.
  -Vinod

• Display Login failure when using External Custom Login Form

  I am new to OAM area and really apreciate if some one can guide me in the right direction. I have configured External Custom Login Form (thanks to fusionsecurity blog) with Oracle Access Manager 11g + webgate 10g. If I enter correct user id and password in the below form, then all is good and able to access the protected resoruce.
  If I enter incorrect values for loginname/password fields, then the from simply refreshes itself and does not give me any error message. How can display error message when a user enters in correct values for those fields?
  <form action="http://hostname:7777/oam/server/auth_cred_submit" method="post">
  <fieldset>
  <legend>Login Screen</legend>
  <label for="username" accesskey="u">User Name:</label>
  <input type="text" id="username" name="username" size="15" tabindex="1">
  <label for="password" accesskey="p">Password:</label>
  <input type="password" id="password" name="password" size="15" tabindex="2">
  <input type="hidden" name="login-form-type" value="pwd">
  <input class="submit" type="submit" value="Login" tabindex="3">
  </fieldset>
  </form>
  Thanks

  Hi!
  I have installed Oracle Access Manager 11g + Webgate 11g and not 10g, but I think
  it has to work beause login is being processed by OAM (/oam/server/auth_cred_submit);
  and it if does not work, it may give you a clue on how to do it.
  Having stated that fact, it is very simple to do it: whenever I try to access a protected
  resource and I am not authenticated I am redirected to my login page and some
  special parameters are passed to it such as: request_id, OAM_REQ, authn_try_count and
  some others.
  authn_try_count is the magic one as it show the number of login tries, so here is
  a code snippet of my login page which uses JSTL for conditional processing.
  <form...>
  <c:if test="*${param['authn_try_count'] > 0}*">
  &lt;span class="error-msg"&gt;
  <fmt:message key="login.val.wrong.login"/>
  &lt;/span&gt;
  </c:if>
  </form>
  Best regards,
  Jesús García from
  Mexico city

• Double login page for oam console

  Hi All,
  I have installed OAM 11.1.1.5 and now trying to access OAM through OHS, i am getting double login page 1st OAM SSO page and after that OAM native page.
  installations details
  OAM 11.1.1.5
  OHS 11.1.1.5
  webgate 10g
  Please let me know how to fix this issue
  Regards
  A Abhinay

  Give the Success and failure URLs in Application Domain and Check where it is redirecting
  Thanks
  Kumar

• How to refresh the Expired Login Form on the onChange event of the password

  Hi,
  In the Expired Login Form I have places a custom label. My requirement is that on the onchange event of the password field the label color should change to orange if the entered password meets the password policy else red.
  I am trying the following code :
  Custom label:
  <Field name='Custom Label'>
  <Display class='Label'>
  <Property name='value' value='Custom label 1'/>
  <Property name='noNewRow'>
  <Boolean>true</Boolean>
  </Property>
  <Property name='color'>
  <block>
  <cond>
  <isTrue>
  <invoke name='checkStringQualityPolicy' class='com.waveset.ui.FormUtil'>
  <rule name='EndUserRuleLibrary:getCallerSession'/>
  <s>Default Password Policy</s>
  <invoke name='decryptToString'>
  <ref>resourceAccounts.password</ref>
  </invoke>
  <map/>
  <list/>
  <s>Configurator</s>
  </invoke>
  </isTrue>
  <s>orange</s>
  <s>red</s>
  </cond>
  </block>
  </Property>
  </Display>
  </Field>
  And on the password field i gave following in the onChange event:
  submitCommand(this.form, "Recalculate")
  But the above command is not refreshing the page. Instead on the onChange event its going back to the login.jsp.
  Any idea how to resolve the above issue.
  Thanks.

  I got it working as below but i dont know is this best practices?
  <%
      if(session.getAttribute("afterSet") != null){
           %>
      <div style="visibility:hidden">
        <iframe NAME="iframe1" src="/WebApplication2/TestController?fileDownload=test.pdf" WIDTH="40" HEIGHT="40"></iframe>
      </div>
      <%}       basically first time user visit the jsp page session attribute "afterSet" will be null so it wont create the hidden iframe tag . after it dispatched to the servlet controller and successfully processing the record it will set "afterSet" properties to some value and dispatch to itself
  after that it will popup/dialog box for user to save the pdf.
  this way the page already refreshes itself and wont have problem double clicking thing and so on

• Right way of login form...

  Hello
  I am a really newbie in web programming. I want to write a web application with JSF. I wonder what is the rgiht way of creating the login form. I tried to write a page segment file for it but page segments do not have prerender method so it cannot be fully controlled...I want something like that:
  login control will be two parts..
  if login info is not found in session, than it will show the login form.
  if the user is found in session, than it will show the menu for the user...
  but i couldnt do that because prerender methos is not available in page segments..
  what is the right way for doing that kind of thing?

  Indeed implement a Filter.
  Once an user logs in, put the User object in the HttpSession. Let the filter check on this User object. If this User object is null and you're not in the login page, then redirect to the login page.
  Do a Google search on "LoginFilter implements Filter" or "UserFilter implements Filter" and you'll find lot of examples.
  http://www.google.com/search?q=%22LoginFilter implements Filter%22
  http://www.google.com/search?q=%22UserFilter implements Filter%22
  Here is an advanced one which actually doesn't redirect if the User object doesn't exist, but this might give you some new insights: http://balusc.xs4all.nl/srv/dev-jep-usf.html

• Need some help in the login form ???!?!?!?!!

  can any one help me with correcting the code or can any one give me another code for using it in the login form.
  this is my problem:-
  i had make a login form using in oracle 9i form builder >>>in this form i have three text boxes one for intering user name and the second one for entering the password and the third text box is not visible and it is used for counting the tries.
  In addition i have a three buttons , one is for login and the two others are not visible and they are a show main menu button and a exit button. For login button i had put a WHEN-BUTTON-PRESSED trigger in the login button and it must check if the user name and the password match what it is on the login table so it allow the user to see the show main menu button otherwise if the user name or the password are wrong and has been putted wrong for 3 times of trying then it will show the exit button.
  and this is a picture of the login form in the design view.
  http://www.al7loh.com/uploader/uploads/login.JPG
  and this is the code for theWHEN-BUTTON-PRESSED trigger on the login button
  declare
       alertNum number;
  dummy1 tbl_login.USER_NAME%type;
       dummy2 tbl_login.PASS%type;
  begin
       select tbl_login.USER_NAME, tbl_login.PASS into dummy1, dummy2 from tbl_login where tbl_login.USER_NAME = :LOGIN.USER_NAME and
       tbl_login.PASS = :LOGIN.PASS;
       if :LOGIN.TRIES<3 then
       if sql%found
            then
            set_item_property('LOGIN.SHOW_MENU', visible, property_true);
                                                                             set_item_property('LOGIN.SHOW_MENU', enabled, property_true);
                                                                             else
                                                                             message ('Invalid password....try again');
                                                                             :LOGIN.TRIES := :LOGIN.TRIES+1;
                                                                             :LOGIN.USER_NAME := null;
                                                                             :LOGIN.PASS := null;
                                                                                  end if;
       else
       message ('Exceeded Number of tries..press exit button');
            set_item_property('LOGIN.EXIT', visible, property_true);
                 set_item_property('LOGIN.EXIT', enabled, property_true);
       end if;
       end;
  can any one help me correcting the code of the WHEN-BUTTON-PRESSED trigger on the login form or can any one give me another code for using it in the login form.
  i hope to get some help from the experts>>> ??!?!?!?!?!

  Something like this
  declare
    alertNum number;
    dummy1 tbl_login.USER_NAME%type;
    dummy2 tbl_login.PASS%type;
  begin
    Begin
      select tbl_login.USER_NAME, tbl_login.PASS
      into   dummy1, dummy2
      from   tbl_login
      where  tbl_login.USER_NAME = :LOGIN.USER_NAME
      and    tbl_login.PASS = :LOGIN.PASS;
      set_item_property('LOGIN.SHOW_MENU', visible, property_true);
      set_item_property('LOGIN.SHOW_MENU', enabled, property_true);
    Exception
      When no_data_found Then
        if :LOGIN.TRIES<3 then
          message ('Invalid password....try again');
          :LOGIN.TRIES := :LOGIN.TRIES+1;
          :LOGIN.USER_NAME := null;
          :LOGIN.PASS := null;
          Go_Item( 'LOGIN.USER_NAME' ) ;
        else
          message ('Exceeded Number of tries..press exit button');
          set_item_property('LOGIN.EXIT', visible, property_true);
          set_item_property('LOGIN.EXIT', enabled, property_true);
        end if;
    end;
  end;Francois

• How to remove login form for iView in portal

  Hi,
  I have created a workset in portal which provides links for various BI reports. In the properties of each page for report I set the property to lunch it in headerless window.
  When I login with test user and click on link for report its asking for userID password again. Once I login, it opens the report and it doesnt ask for other reports. If I logoff and close the browser and open in new browser its again ask's for user ID password when I open the report for first time.
  Could any one let me know the solution how to avaoid the login form  on clicking the link for BI report configured in workset.
  It is working fine for me in Dev and QA system, recently we did transport to Trainign system and I am facing this issue only in training system.
  Regards,
  Ravi.

  Hi,
  I dont want that login page to appear again. evan for the first time.
  The login page should apper only once that too while loging into portal. once I enter into workset and click on link for report which is launched in new window should not ask for login again.
  Its happening in my training system, which is not used to be in my dev and QA system.
  I need solution to show the report directly with out asking for authentication(login form) once again on clickig the link for report in workset.
  Regards,
  Ravi.

• How to print password_grace_time message on login form

  hi,
  we are running our application on 6i there we have a login form . we have set profile for a user & we want to show password_grace_time message ( ora-28002 ) on his login form when he try to login in grace time. how can we do this?
  regards

  I would just ask the 3rd party that created the PDF if they could supply unencrypted files. If there is some reason they will not, I am surprised that they have not restricted printing. Normally when Acrobat security is set, you can not print to a new PDF, even if printing is allowed. One option is to provide the ID and password to the other folks who need to review the PDFs. On the surface, there seems to be a license issue with what you are trying to do and you may need to be careful that the company is not at risk. That is why I am suggesting to coordinate with the 3rd party.
  Sorry. I don't have a solution but just the statement of concern.

• Help with Login Form (JSP DB Java Beans Session Tracking)

  Hi, I need some help with my login form.
  The design of my authetication system is as follows.
  1. Login.jsp sends login details to validation.jsp.
  2. Validation.jsp queries a DB against the parameters received.
  3. If the query result is good, I retrieve some information (login id, name, etc.) from the DB and store it into a Java Bean.
  4. The bean itself is referenced with the current session.
  5. Once all that's done, validation.jsp forwards to main.jsp.
  6. As a means to maintain state, I prefer to use url encoding instead of cookies for obvious reasons.I need some help from step 3 onwards please! Some code snippets will do as well!
  If you think this approach is not a good practice, pls let me know and advice on better practices!
  Thanks a lot!

  Alright,here is an example for you.
  Assume a case where you don't want to give access to any JSP View/HTML Page/Servlet/Backing Bean unless user logging system and let assume you are creating a View Object with the name.
  checkout an example (Assuming the filter is being applied to a pattern * which means when a resource is been accessed by webapplication using APP_URL the filter would be called)
  public doFilter(ServletRequest req,ServletResponse res,FilterChain chain){
       if(req instanceof HttpServletRequest){
              HttpServletRequest request = (HttpServletRequest) req;
              HttpSession session = request.getSession();
              String username = request.getParameter("username");
              String password = request.getParameter("password");
              String method = request.getMethod();
              String auth_type  = request.getAuthType();
              if(session.getAttribute("useInfoBean") != null)
                  request.getRequestDispatcher("/dashBoard").forward(req,res);
              else{
                      if(username != null && password != null && method.equaIsgnoreCase("POST") && (auth_type.equalsIgnoreCase("FORM_AUTH") ||  auth_type.equalsIgnoreCase("CLIENT_CERT_AUTH")) )
                           chain.doFilter(req,res);
                      else 
                        request.getRequestDispatcher("/Login.jsp").forward(req,res);
  }If carefully look at the code the autherization is given only if either user is already logged in or making an attempt to login in secured way.
  to know more insights about where these can used and how these can be used and how ?? the below links might help you.
  http://javaboutique.internet.com/tutorials/Servlet_Filters/
  http://e-docs.bea.com/wls/docs92/dvspisec/servlet.html
  http://livedocs.adobe.com/jrun/4/Programmers_Guide/filters3.htm
  http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html
  http://www.servlets.com/soapbox/filters.html
  http://www.onjava.com/pub/a/onjava/2001/05/10/servlet_filters.html
  and coming back to DAO Pattern hope the below link might help you.
  http://java.sun.com/blueprints/corej2eepatterns/Patterns/DataAccessObject.html
  http://java.sun.com/blueprints/patterns/DAO.html
  http://www.javapractices.com/Topic66.cjp
  http://www.ibm.com/developerworks/java/library/j-dao/
  http://www.javaworld.com/javaworld/jw-03-2002/jw-0301-dao.html
  On the whole(:D) it is always a good practice to get back to Core Java/J2EE Patterns.and know answers to the question Why are they used & How do i implement them and where do i use it ??
  http://www.fluffycat.com/java-design-patterns/
  http://java.sun.com/blueprints/corej2eepatterns/Patterns/index.html
  http://www.cmcrossroads.com/bradapp/javapats.html
  Hope that might help :)
  REGARDS,
  RaHuL

• How to Develop a Login Form In Developer 6i

  Hi to everyone,
  I have developed some forms in Developer 6i. Now i want to deploy these Forms to client side. I want to design a Login Form for the end users to Use the Database Application. But the problem is, I don't know how to Develop a Login Form with the permission for the End Users to access the application.
  Also please tell me how to configure the FORMS Developer 6i to Run the Forms by the end users.
  Please help me to solve out the problem.
  Thank you in advance.

  If you are using ADFBC, the easiest way is
  - drop the data control as ADF form
  - add CreateInsert method binding to the pagedef
  - add an invokeAction for the createInsert with a refresh property set to renderModel so that an empty creation form will be shown on page load
  for insertion
  - Finally, add the commit action as button
  Sireesha

• J_security_check & login form

  I have a problem that just started. When goto a page (/faces/home.jspx) it brings up the login form as usual. I login and it sends me to a 404 page not found error. I click back, and then it'll bring me to the home page. Not sure why this is bringing up the 404 page.
  If i change from form based to http basic, then it prompts me for my password and brings up the home page. Any ideas why the 404 is coming up?

  For the benefit of others here is the JSP/JSTL & javascript solution.
  This allowed me to create an automated login and use declarative security ...
  The following code requires param.UserID and param.PassWord to be set before it is executed...
  <form name="AutoLogin" method="POST" action="j_security_check" >     
  <input type="hidden" name="j_username" value="<%= request.getParameter("UserID") %>" size="8" maxlength="8" />
  <input type="hidden" name="j_password" value="<%= request.getParameter("PassWord") %>" size="8" maxlength="8" />
  </form>
  <script type="text/javascript" language="JavaScript">
  document.AutoLogin.submit();
  </script>

• Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

  Hi Guys,
  I am trying to Authenticate my adf application using custom Login Form.
  following this..
  http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
  But my Login Page is not Loading.I think its sending request in chain.my jdev version is 11.1.1.5.Any Idea.
  Thanks,
  Raul

  Hi Frank,
  I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
  My login.jspx page is
  <?xml version='1.0' encoding='UTF-8'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
            xmlns:f="http://java.sun.com/jsf/core"
            xmlns:h="http://java.sun.com/jsf/html"
            xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
    <jsp:directive.page contentType="text/html;charset=UTF-8"/>
    <f:view>
      <af:document id="d1" >
        <af:form id="f1" >
          <af:panelFormLayout id="pfl1">       
            <af:inputText label="USERNAME" id="it1"
                          />       
            <af:inputText label="PASSWORD" id="it2"
                            />
            <af:commandButton text="LOG IN" id="cb1" />
            <f:facet name="footer">       
            </f:facet>                 
          </af:panelFormLayout>
        </af:form>
      </af:document>
    </f:view>
  </jsp:root>
  Don't know wht real problem is