Protected URL vs role mapping in OAM

Hi,
Can we do protected URL vs role mapping?
For example, I have some URLs that need to be protected through OAM. Now, based on the URL, the user should get the screen. I have users and roles in OID.
My doubt is: once the user is authenticated, how is IDM confirming whether that user has access to a particular URL or not?
Or is there any way to do so? Can I map my 50 URLs to 50 roles and assign these roles to users in Oracle IDM?
Any help appreciated.

I too am looking for something similar, i.e. if the user's requested URL is '/xyz', check if they are in role 'admin' or 'abcde'; if not, then authentication fails.
If you find anything please share.
Thanks

Similar Messages

  • URL in Role?

    Is it possible to determine the role to which a URI has been mapped in the
    security-constraint element in web.xml?
    i.e., given the security-constraint element below, is there a WebLogic
    function/API that can be called as follows:
    getRoleForURI("/cust/balance.jsp"), which would return "customerBankingRole"?
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>banking</web-resource-name>
    <url-pattern>/cust/balance.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>customerBankingRole</role-name>
    </auth-constraint>
    </security-constraint>

    Neil,
    Thanks for your reply.
    We are using the RDBMSRealm and want to dynamically hide/show links on our
    site depending on whether the logged in user has access to the particular
    URL.
    I have been debugging the RDBMSRealm. When a link is clicked on our site the
    role(s) that the URL has been assigned in our webapp are passed to the
    RDBMSRealm, not the URL itself. Therefore Weblogic must be making the link
    between URL and role internally.
    I was hoping the mechanism that WebLogic uses internally would be available
    to developers for the reason mentioned above.
    Brent.
    "Neil Smithline" <[email protected]> wrote in message
    news:[email protected]..
    No. There is no such call (incidentally it would have to return a
    collection of roles as there can be multiple).
    I'm wondering what would you use it for. Are you using programmatic
    security and trying to parse this information yourself?
    --- Neil
    Neil Smithline
    WLS Security Team
    BEA Systems
    "Brent Burgess" <[email protected]> wrote in message
    news:[email protected]..
    Is it possible to determine the role to which a URI has been mapped in the
    security-constraint element in web.xml?
    i.e., given the security-constraint element below, is there a WebLogic
    function/API that can be called as follows:
    getRoleForURI("/cust/balance.jsp"), which would return "customerBankingRole"?
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>banking</web-resource-name>
    <url-pattern>/cust/balance.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>customerBankingRole</role-name>
    </auth-constraint>
    </security-constraint>
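
The lookup asked about in this thread can be approximated by reading the deployment descriptor directly. The following is an added example, not code from the thread or from WebLogic: `load_constraints`, `roles_for_uri` and the two extra constraints in the sample are hypothetical, and it models only the standard `web.xml` matching rules (best-matching pattern wins, an empty `auth-constraint` denies everyone), not roles or policies defined elsewhere in the server. As noted in the reply above, the result is a collection of roles.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's constraint plus two made-up ones.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>banking</web-resource-name>
   <url-pattern>/cust/balance.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>customerBankingRole</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/cust/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>customerRole</role-name><role-name>tellerRole</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/internal/*</url-pattern></web-resource-collection>
  <auth-constraint/>
 </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """List of (patterns, methods, roles); roles is None when there is no <auth-constraint>."""
    found = []
    for sc in ET.fromstring(xml_text).iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":  # ignore XML namespace
            continue
        patterns, methods, roles = [], set(), None
        for el in sc.iter():
            name, text = el.tag.rsplit("}", 1)[-1], (el.text or "").strip()
            if name == "url-pattern":
                patterns.append(text)
            elif name == "http-method":
                methods.add(text.upper())
            elif name == "auth-constraint":
                roles = set()            # present but possibly empty: nobody allowed
            elif name == "role-name":
                roles = (roles or set()) | {text}
        found.append((patterns, methods, roles))
    return found

def _rank(pattern, uri):
    """Servlet-style precedence: exact > longest path prefix > extension > default."""
    if pattern == uri:
        return (3, len(pattern))
    if pattern.endswith("/*") and (uri + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and uri.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def roles_for_uri(constraints, uri, method="GET"):
    """None = unconstrained, empty set = nobody, else the union of permitted roles."""
    best, hits = None, []
    for patterns, methods, roles in constraints:
        if methods and method.upper() not in methods:
            continue
        for rank in filter(None, (_rank(p, uri) for p in patterns)):
            if best is None or rank > best:
                best, hits = rank, [roles]      # better pattern wins outright
            elif rank == best:
                hits.append(roles)              # same pattern: combine constraints
    if any(h is not None and not h for h in hits):
        return set()                            # empty <auth-constraint> overrides
    if not hits or any(h is None for h in hits):
        return None
    return set().union(*hits)
```

A page template can call `roles_for_uri` for each link and compare the result with the logged-in user's roles to decide whether to render it; the container still enforces the constraint when the link is followed.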

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involved to enable URL protection (so if the URL is protected it will prompt for username and password) and single sign-on using Oracle Internet Directory?
    Kindly help me if anyone knows a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Retrieving data from a password protected URL

    Hi guys,
    I was hoping that someone might be able to advise me on how to read data into java from a password protected URL. The first page has a "login" area, where the username and password must be supplied before access to the next pages are allowed. It is from these following pages that I wish to get the data.
    I have a user name and password, and when I log in the usual way no cookie is created, nor is the username or password displayed as a part of the URL. Therefore, when I run my HTML parsing program to parse those pages, I get a message saying that I have to login first.
    You can have a look at the site should you wish (I strongly advise this to get an understanding of the problem): http://news.ft.com/home/uk/
    If anybody has some source code that could resolve this issue, I would be terribly grateful.
    Thanks!

    Hi.
    Usually you should be able to access password-protected sites using a URL of the form:
    http://username:[email protected]-page.com/
    If you're trying to access those sites without using a browser, you still have to encode the username and password with base64-encryption, which is usually done by the browser.
    cheers,
    kelysar

    My program accesses this site without using a browser.....
    In this case would you or anybody else be able tell me how to go through the process from start to finish? I just haven't got a clue!

  • Is it possible to modify the tag structure tree and the role map via scripting?

    We use unstructured FrameMaker to produce training materials which we distribute as tagged PDF to meet accessibility requirements.
    When FrameMaker creates a tagged PDF, it does a fairly good job of populating the structure based on the PDF setup information for the paragraph formats in the FrameMaker documents. However, there are some limitations in the support that FrameMaker provides. For example, almost all paragraphs are assigned to the P role even if they are headings and should be mapped to H1-H6.
    We want to be able to easily post-process a PDF that has been generated from FrameMaker to fix some of the tag structure issues (including tag names and the role map) so that the PDF will provide the optimum experience for a user of the JAWS screen reader.
    I spent some time reading the SDK documentation but didn't find much information about manipulating a tagged PDF via the API, especially via scripting.
    Does anyone have any examples or references which explain how to do it?

    AFAIK, it's not possible with a script. You might want to ask in the SDK forum, as it could be possible with a plugin.

  • Policy agent protected URL auth problem

    Hi all,
    Does anyone know why the policy agent failed to identify a user with a valid cert and LDAP pwd and thus allow the user to go to the protected URL resources? (IIS with policy agent 2.0 for W2K)
    The IDS server instance was created with security on and "Client Auth" also on. All the accesses worked OK while the "client auth" is not ON. In fact, the user could go to the user profile page with the cert or the LDAP pwd, OAC were all set to enable cert and LDAP=SUFFICIENT even when "client auth" is on, just could not get to the URL it protected. (IDS is running on a Solaris box, V6.0 mtr from the download center)
    The policy agent logs show an IDS authentication service failure with code 3.
    Any hints on that?

    When a user clicks the logout button in your Portal application, that link needs to send the user to the /amserver/UI/Logout page to terminate the session. You can specify the goto parameter in the link so the user does not see the logout page. You can also specify a particular logout URL pattern in the AMAgent.properties file so that when the agent sees a request for that URL it will terminate the session on the AM server and clear out its cache.

  • Structural Authorisation & Position Based Role Mapping ( Indirect Roles)

    Hi
    I have few queries on Structural Authorization & Position Based Role Mapping (Indirect Role Assignment).
    This is a public sector implementation. We are migrating from the traditional based (assigning roles to users) to Indirect role assignment.
    1. Can we integrate both structural authorizations and position based role mapping in one system?
    2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
    3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
    4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
    Any help or suggestions on the above would be appreciated.
    Thanks and Regards
    Arun R

    Hi
    1. Can we integrate both structural authorizations and position based role mapping in one system?
    Yes you can.  Structural authorisations and position based role mapping can be assigned to the same org plan in SAP.
    2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
    No, the SAP role is unique to the position it is assigned to. But remember not all employees will be assigned to a position - in this case you have to assign the SAP role directly to the user in SU01/SU01
    3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
    Create user in SU01.SU10 first before creating infotype 105 in PA30.
    4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
    *When a user's assignment in the org structure changes then you must run RHRPROFL0 to update the user assignment to the new position.
    Also the number of days an employee can have access to their previous data is controlled by the parameter called ADAYS - tx OOAC. SAP currently defaults this to 15 days and this is used to control the number of days that the employee can still access the data they created even though they are assigned to a different organisation with different authorisations.
    Hope this helps.
    Charmaine

  • Need work around for image gallery with password protected URLs

    Is there a way to display an image gallery that has password protected URLs?
    I can build the image gallery in Siena using an excel table with a list of the images and when I preview the app inside Siena I get the expected credentials prompt from IE, and I enter the credentials and the images load and display with their captions perfectly.
    There are 4-6 images in the gallery.
    When I publish and produce a store app, the app errors out with can’t connect and obviously fails on
        var GenericInitError = "The app could not connect to the server. Please try again later.",
            GenericInitTitle = "Network error";
    Most likely because Siena wants to preload everything and there is no way with preload to enter credentials.
    I am looking for any alternatives that would let me get around this.
    TIA
    -- Barb Bowman

    On Mon, 24 Mar 2014 05:10:01 +0000, Radu Gruian (MSFT) wrote:
    >One possible thing to do would be download and embed the images into your app, eliminating the need for password-based authentication.
    Nope. The app accesses a group of IP Security cameras. Static images would not
    make any sense. And authentication is required. Not negotiable.
    -- Barb Bowman

  • I want to allow only specific url using class-map

    I have two dirs on the web server, like abc and xyz, but I have blocked the URL using class-map like *xyz*.
    Is there any way to allow a specific URL like /abc/login.html and block all the other files from the /abc dir?

    Thanks.  Actually, I posted my query because I haven't been able to make Parental Controls in OS X do what I want. I've been trying that tool for a while.  It seems that there are sort of three options:
    1. Allow everything with no exceptions
    2. Block sites that fail an automated filter for "adult" content, and then add back allowable sites.
    3. Block everything, and then add a white list of allowed sites
    In my case, option 2 doesn't work, because frankly, I don't care if my kids choose to look at content that somebody has evaluated as "adult."  Generally, the web log says that they don't, and if that does become an issue, then I will deal with it when it arises.  
    What I want to be able to do is the direct opposite of option 3 listed above:  Allow everything except an admin-specified black list defined per user, and be able to modify that list from time to time when I have a specific issue with a specific user. 
    I just want to be able - from time to time, like when I know they are behind on school work - to be able block a short list of "innocuous" persistent time-sucking sites as Youtube, Facebook, Twitter etc., even though there is not necessarily any objection content per se on the sites I want to block for that specific user (the "user-specific, admin-defined blacklist").   It is the lost (mis-allocated) time, not the risk of loose morals that concerns me.
    Network-level solutions exist, but these do not allow me to discriminate among user accounts as far as I can tell.  If anybody knows of a good solution that works in OS X across various platforms - freeware or commercial - I will appreciate a lead.   Or, if there is a hack that will allow me to accomplish this in Parental Controls, I would appreciate a pointer in that direction, as well.

  • Role Mapping For Portal Role Assignment and ABAP Role Assignment

    Summary:
    - Under the GRC configuration of Roles> Role Mapping we are trying to utilize the  role mapping feature in GRC for associating a dependent role to a main role.
    - We want to use this role mapping feature for the purposes of adding an Enterprise Portal role for every ABAP role that gets approved for the user in an ABAP component system (i.e. ECC, BW, CRM etc). We will have a 1:1 mapping of Enterprise Portal role to ABAP role defined in the role mapping section in GRC.
    - We want to set up the workflow in such a way that the main role (ABAP role) is the only role that needs to be approved. The dependent role (Enterprise Portal role) should be added or not added based on the approval or denial of the main role (ABAP role). In other words if the role owner for the abap role approves the abap role, then both the abap and EP role will be provisioned by GRC and if the role owner rejects/denies the role, then neither the abap or EP role will be provisioned by GRC.
    Problem Description:
    Our Scenarios we tested:
    Scenario 1:
    Main Role:  Attached to Initiator A & workflow A (routes to single approver based on role)
    Dependent Role:  Attached to Initiator B & workflow B (routes to auto approval or no approval)
    *Problem with the Scenario 1 setup above: the dependent role will always get approved & provisioned regardless of the approval or denial of the main role.
    Scenario 2:
    Main Role:  Attached to Initiator A & workflow A (routes to single approver based on role)
    Dependent Role:  Attached to Initiator A & workflow A(routes to single approver (same as main approver) based on role)
    *Problem with the Scenario 2 setup above: the dependent role will always also need to get approved by the same approver as the main role, and it opens the possibility that the approver may accidentally approve the main role and deny the dependent role, which is not the ideal setup as we inherit the risk of human error.
    Questions:
    1. Does the dependent role need to be defined in an initiator at all since it will never be requested directly?
    2. If the dependent role does need to be in the initiator file, please describe how to properly set up the initiator and workflow stage & path so that we can maintain the desired relationship with the main role approval dependency? (If the role owner for the main role approves the main role, then both the main role and dependent role will be provisioned by GRC, and if the role owner rejects/denies the main role, then neither the main role nor the dependent role will be provisioned by GRC.)
    Edited by: Rene Griffith on Feb 26, 2010 10:22 PM

    I tested this set up.
    1. Defined ABAP role as main role
    2. Defined Non-ABAP role as dependent role
    3. ABAP role  is set up in initiator requiring business approval.
    4.  Non-ABAP role is set up in initiator with no approval required.
    Results Where Business Approver approves the ABAP Role
    1. Only the ABAP role is displayed in approver view which is desirable.
    2.  ABAP role is approved and Non-ABAP role and ABAP role is provisioned.
    Results Where Business Approver rejects the ABAP Role
    1. Only the ABAP role is displayed in approver view which is desirable.
    2.  ABAP role is rejected but  Non-ABAP role is provisioned which is not what we want.  We want the Non-ABAP role not to provision if the ABAP role is rejected by the business approval.
    Thanks again for your help.

  • BRM: What is the use of Role Mapping???

    Hi All,
    This seems to be very stupid query. However, I am stuck with this simple understanding.
    In BRM document located in SCN, it says that:
    a.  Role mapping allows related roles mapped to a Single Role
    b.  These roles are provisioned when the Single Role is provisioned
    May I know:
    1. If different single roles can be mapped to the single role being created using BRM?
    2. As for point #b above, does it mean that as soon as the single role is assigned to a user, all the "mapped" roles are also assigned in the back end system?
    3. I tried point #2 above, however, the mapped role is not assigned to the user. By the way, I assigned the role in the backend system through PFCG.
    How is it different from Business Role?
    Please help me understand this concept and the system behavior.
    Regards,
    Faisal

    Hi Faisal,
    Your understanding is perfect and that's how role mapping works. I just tested in my system and it is working fine and we are on GRC SP13.
    Please check if you could request roles XYZ & TEST directly (just to be sure they are in BRM).
    If yes, please attach screenshot how you have mapped those roles.
    Regards,
    Madhu.

  • Redirect to custom url after successful authentication by OAM

    Hello,
    I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2).
    The requirement in my case is depending upon the user type and the region(one of the user's ldap attributes) it belongs to, it should be redirected to one of the 2 available applications.
    I have tried implementing the same using custom authentication plugin in which I have used RedirectionActionContext class.
    I have also tried setting plugin response as REDIRECT and specifying the custom page url.
    I have also tried changing the "resource_url" parameter in authentication context.
    However, none of above approaches are working.
    Can anybody help me?
    Thanks,
    Purva

    Hello,
    I have exactly the same requirement. Have you solved the problem?
    Thanks,
    Purva

  • E-Commerce for ERP role mapping to UME

    Experts,
    We have successfully configured the ECO module to use the UME in addition to SU01.  We are able to create users in both systems in ISAUSERADMIN.  However, the newly created users in UME have no roles assigned to them.  We found one SAP Note that seems to be relevant ([891151|https://service.sap.com/sap/support/notes/891151]).  Unfortunately, it is very vague on how to setup the user mapping.  We have tried several permutations of the role assignments to no avail.
    Has anyone done this before, and if so could you provide some examples?

    We discovered the problem. We were updating the right file for the wrong application. The file ume-config.xml needs to be updated from the application crm~isauseradm. Once we discovered this, the UME role mapping worked. We are now able to assign UME roles to a new user when they are created or updated in ISAUSERADMIN.
    - Andrew

  • Scripting Enterprise Groups-Application Roles mapping

    Hi All,
    For my WebCenter Portal, I have local Application Roles that need to be mapped to Enterprise Groups. I know this can be done from the Portal Administration console using "Add Groups". This doesn't seem to persist across re-deployments.
    I tried doing this via the Security Editor in JDeveloper. For this I had to first create the same Enterprise Roles in jazn-data and then map them to the Application Roles. However, on deployment, this causes the existing users on weblogic to lose their respective Enterprise Groups assignments.
    Is there a way to script the group-role mapping using WLST or other so that I can run the script as a deployment step?
    Best Regards,
    Bijesh

    Hi,
    The following links explain different ways to achieve your desired goals.
    1) http://weblogic-wonders.com/weblogic/2010/11/10/wlst-script-to-add-users-groups-and-modify-roles/
    2) http://www.orastudy.com/oradoc/selfstu/fusion/core.1111/e10043/apadvadmin.htm
    3) http://middlewaremagic.com/weblogic/?p=4981
    Hope it helps you.
    Regards,
    Hoque

  • Custom Role Mapper example

    Hi All,
    Can anyone provide a sample Role Mapper example?
    I am basically an ADF developer; I am not fully aware of the WebLogic API.
    It would be great if you guys tell me how to start or if you provide some sample links.
    Appreciate your help
    Thanks
    KT

    reply to your thread.
    custom role mapper example
