Example to use Query String in Oracle Access Manager Policy.

Similar Messages

• Oracle access manager - Policy domain - Return Type

  Hi,
  I have a requirement where I need to return few LDAP parameter values through Policy domain while redirecting. But the return type should be propertytype and not headervar or cookie. This is SSO integration with websphere using JAAS subject. We have inhouse TAI connector developed for integration between websphere and oracle access manager.
  Please help me to resolve this issue.
  Regards,
  Prashant

  Hi Prashant,
  OAM can return any type that you want, and OAM will set the name/value for that type - you can put "propertytype" in the type column, and the name and return attribute in the respective fields. "Cookie" and "HeaderVar" are the only types used by OAM WebGates, but your AccessGate (custom in-house connector) should be able to retrieve the values of propertytype that OAM sets.
  Regards,
  Colin

• Need example for using query string parameters in Web Dynpro

  Hello,
  Is it possible to transfer a Web DynPro application parameters at the query string (URL)?
  Can someone please show me an example of how to pass it and how to retreive it using code inside an application?
  Thank you in advance

  Hi,
  when launching WD apps in the Portal you have to define a WD iView in the Portal. This can be started using the NavigationTarget parameter.
  Parameters (ie. Business Parameters) that should be passed to the WebDynpro application can be defined in the iView itself - the iView attribute is called "Application Parameters". Here you can also define variable expressions like "emailaddr=<User.email>" so that the value of the email address is evaluated on runtime.
  This way you don't have to care about URL encodings at all
  The following user expressions can be used:
  <User.displayname>
  <User.uniquename>
  <User.firstname>
  <User.lastname>
  <User.salutation>
  <User.jobtitle>
  <User.department>
  <User.email>
  <User.telephone>
  <User.mobile>
  <User.fax>
  <User.streetaddress>
  <User.city>
  <User.zip>
  <User.country>
  <User.state>
  <User.timezone>
  udo

• Using query strings in links mysite.verizon web pages

  Has anyone had trouble using query strings in links to other web pages your personal web pages?  I have a link to another web page where I pass an ID using query string but when I click on the link I get a 404 error even though the web page exists (the link appears fine).

  Hello jillibee,
  Maybe this link will provide some assistance for you. http://forums.verizon.com/t5/FiOS-Internet/Personal-Website-Access/m-p/277209/highlight/true#M19266
  Thanks,
  Shamika_Vz
  Verizon Support
  Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

• Receiver SOAP Adapter Use Query String

  Hello everybody,
  I want to include in my Receiver SOAP Adapter the message id as part of the URL String, but I need to include only the MessageId value, if I use the Use Encoded Headers and Use Query String options it includes all the header fields as part of the URL, is there a way to define only the fields that I need?, thanks in advance.
  Regards,
  Julio Cesar

  May be you could try to use adapter specific message attribute "TServerLocation". This will help you set the dynamic URL.
  http://help.sap.com/saphelp_nw04/helpdata/en/29/5bd93f130f9215e10000000a155106/frameset.htm
  Regards,
  Prateek

• URGENT : Challenge questions query: Oracle Access Manager 10g

  Hi all,
  This is a query regarding password challenge questions in Oracle Access Manager 10g. We have created password policies for a specific container in OID (say cn=xxx,cn=users,dc=oracle,dc=com) and it is working fine.
  In order to exclude certain set of users (say user ABC ) for password policies, we have set the obpasswordchangeflag to false for those users which are in same container for which password policy is created.
  When we try to login to the application with the user say ABC, I am not seeing any reset password page - I am happy till this point. However it is showing Configure Challenge questions page. Is there any way to bypass this page? Or is this the expected behavior?
  This is very urgent and prompt reply is very much appreciated.
  -Mahendra

  Hi Mahendra,
  This is expected behaviour. In order to exclude the password policy management for some certains user for particular domain/container. please add the below configuration parameter to your OAM10g password policy.
  Password Policy Filter Field     (!(|(cn=xxx)(cn=abc)))
  ----Ajay

• Pass username and password adfs without using query string

  pass username and password ADFS without using query string, Please help.
  I used query string , but it is unsecured to pass credentials over url, with simple tool like httpwatch , anyone can easily get the password and decrypt it.

  Hello MohitJainMJ,
  You're not in the right forum. Here it's for FIM topics!
  Regards,
  Sylvain

• Pass username and password ADFS without using query string, Please help.

  pass username and password ADFS without using query string, Please help.
  I used query string , but it is unsecured to pass credentials over url, with simple tool like httpwatch , anyone can easily get the password and decrypt it.

  Hi,
  According to your post, my understanding is that you had an issue about the ADFS.
  As this issue is related to ADFS, I recommend you post your issue to the forum for ADFS.
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
  Thank you for your understanding and support.
  Thanks,
  Jason
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jason Guo
  TechNet Community Support

• Purpose  of  Use Query string in communication channel.

  Hi all,
  I have a scenario in which the sender sytem communication channel uses:
  Use Query string,Use encoded header and EOIO.
  What is the purpose of these parameters.
  Please help.
  Thanks,
  Am

  http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm

• Use query string between two custom New Form

  Hi guys,
  i have a New Form . In this  form i have  a button that open(onClick) another list form (it is a  different list). I have to pass a field value from the first form to the other . How can i do this using query string?Help please!
  Thank you!

  To pass some value with query string, you just need to open the form url with the querystring parameters (jquery needed):
  var url = '<yourlist>/newform.aspx?parameter1=' + $('input[Title="Title"]').val()
  SP.UI.ModalDialog.ShowPopupDialog(url)
  on the second newform.aspx, you can grab the querystring parameters with the Sharepoint native function "_spGetQueryParam('<lower case query key>')"
  var x = _spGetQueryParam("parameter1")
  Note: make sure you use the key as lowercase, even you if pass it with chars in uppercase.

• How to protect custom applications using oracle access manager?

  Can someone brief me on how to protect custom applications using oracle access manager?

  Is the Custom application a Web Application running on certified platform? If its Web Application then its no different you have to configure the access policies with http(s) as resource type.
  If its not a web application you can write Custom access Gate and then implement. You would configure the policies similar to Web application (you can define your ouwn resource type if you like) and in the custom web gate you will use Access server SDK API to validate the access rules.
  Thanks
  Ram

• Configuration of APEX applications to use Oracle Access Manager for Login

  Is there Oracle documentation on configuring an APEX application to accept a login id passed by Oracle Access Manager? Would someone please help with some instructions on how to do it. Thanks.

  Hi Ravi,
  this looks like a WLS issue.
  1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
  2-Or you are missing something into url.
  I hope this helps,
  Thiago Leoncio.

• Install Oracle Access Manager in existing Access Manager domain

  Hi
  I am operator of a windows system with Oracle Access Manager installed.
  We use OAM for SSO against Webpages in OIM running on Jboss, and now we are going to implement against a WebLogic webapplication too.
  The userbase is standard Active Directory
  I did not set up OAM myself so I'm not completely sure how it works.
  To be able to test the SSO solution given by an external provider, I need to have a proper stage environment.
  My idea is to set up another OAM on another server, wich points towards the same AD domaincontroller as the existing OAM
  Is this possible? In the installation guide I find that the new AccessManager system should be added into the existing OAM configuration , before we turn of the existing OAM and then install the complete OAM on the new server. Then we can turn on the existing OAM again, and implement them as clusters. I would like them to be two indipendent instances not affecting one another, but in the same AD domain to be able to test features in one of them and use the other as the production server.
  My fear is that I "mess up" the form in AD created from the old OAM, and that way mess the upp production environment.
  Edited by: user631873 on 11.sep.2009 06:22

  Hi,
  Technically, you can certainly set up a new OAM infrastructure which points to the existing AD instance. You could do this in a number of ways, for example:
  - set up the new instance so that it points to the same users and configuration branch as the existing instance, so that the new instance is effectively just an extension of the existing instance (with extra Identity and Access Servers, etc) ;
  - set up the new instance so that it points to the same AD instance, but uses different User searchbase and Config branch. In this case the new instance is more or less completely separate, but it happens to use the same directory ;
  - set up the new instance so that it points to the same Users, but a different Config branch, in which case the new instance has independed OAM configuration (policies, authentication schemes etc) but operates on the same user base.
  (In OAM you can define separate ldap locations for the Users, Identity Config and Access Config.)
  It depends on exactly what you want, but if the idea is to have a proper stage environment, then it is usually better for them to be completely independent, including the directory. OAM can update users as well as policies, and additionally different major versions of OAM have different schemas, so there are risks when using the same directory instance. Load testing is also an issue, since the directory is accessed extensivley by OAM.
  Regards,
  Colin

• Integrating Oracle EBS R12 with Oracle Access Manager 11g

  Hi Everyone ,
  Oracle Access Manager version 11.1.1.5
  Oracle Identity Management 11.1.1.6.0
  Oracle Access Manager WebGate 11.1.1.5
  Oracle E-Business Suite AccessGate patch p12796012
  Apps Version : 12.1.1
  DB Version 11.2.0.3
  PLatform : OEL 5.8
  We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
  1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
  is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
  *Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
  Apps Tier (oacore) Application log:-
  +13/05/15 19:04:20.229 html: Servlet error+
  java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
  at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
  at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
  at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
  Apps Tier Apache Error log :-
  +[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
  WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
  IS there something that we are missing , any help is highly appreciated.
  Regards
  Edited by: TheKop88 on May 16, 2013 11:39 AM

  Hi there ,
  Thanks for reply ,
  We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
  working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
  Regards
  Edited by: TheKop88 on May 16, 2013 12:03 PM
  Edited by: TheKop88 on May 16, 2013 12:07 PM

• Oracle Access Manager and Passing Cert Info to HTML or JSP

  Friends,
  We are trying to pass the CN information from our smartcard (CAC) that looks i.e. john.doe.123456789 as a parameters to an Oracle Forms using the staticHTML implementation utilizing the OBLIX SSO OR utilizing a JSP or HTML file to read these parameters and update OID. We can pass the UID but since we will have First-time Registration of the Smartcards, the UID doesn't count since the CN information from the Smartcard has not been populated at this point to the OID, we are trying to get the functionality going to get the user first to put in their login and password but at submit time, to update the OID with the CN information to a separate column of OID and not the UID.
  Utilizing the OAM, we have been able to proof concept the authentication using the UID by using the Policy Manager and the Access System Console --> Access System Configuration. It's works well with the plugin that comes with the OAM (SSOOblixAuth.java) and thx to Oracle Support, but we need to be able to pass other parameters that are specified as a part of the Resource - Action as headervars such as
  HeaderVar OBLIX_SN or
  hearderVar OBLIX_MAIL
  Our Oracle Access Implementation is in halt until we find a way to pass these return Attributes to our Oracle Forms. The Oracle Forms running SSO is working greatly with just the userlogin and password (UID is passed as a header) without the Oracle Access Manager (OBLIX) but now we have shifted to this product for reading and processing Smartcard information.
  Any help we can get, we very much appreciate it.
  KA

  O.K.
  I am getting closer but still not getting the ssooblixuser or ssooblixcn. I have
  the following jsp to fire after a successful authentication.
  The following code is utilized in our SSO environment for changing passwords.
  The bolded line should get the ssooblixuser but it is not..
  <%
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires", "Thu, 29 Oct 1969 17:04:19 GMT");
  request.setCharacterEncoding("UTF-8");
  response.setContentType("text/html; charset=UTF-8");
  String remoteUser = null;
  String userDn = null;
  String referer = null;
  String oblixheader = null;
  remoteUser = request.getRemoteUser();
  userDn=request.getHeader("OSSO-USER-DN");
  referer=request.getHeader("referer");
  oblixuser = request.getHeader("ssooblixuser");
  %>
  <HTML>
  <HEAD>
  <SCRIPT language="JavaScript">
  function validatePasswordsMatch()
  var frm = document.forms["changePassword"];
  if(frm.newpwd.value != frm.confirm_newpwd.value)
  alert('The Password and verified password do not match!');
  return false;
  else
  document.changePassword.submit();
  return false;
  function cancelButton()
  document.close();
  </SCRIPT>
  </HEAD>
  <BODY bgcolor="#cae3ff" >
  <table width="750" height="10" border="0" cellspacing="0" cellpadding="0">
  </table>
  <TABLE ALIGN="Center">
  <TR><TD>User Name</TD><TD> <%=remoteUser%> </TD></TR>
  <TR><TD>OBLIX USER</TD><TD> <%=oblixuser%> </TD></TR>
  Edited by: user10130371 on Sep 17, 2009 8:09 AM
  Edited by: user10130371 on Sep 17, 2009 8:10 AM