Saturday, February 26, 2011

Validating Authentication and Authorization in an Oracle Access Manager Application Domain : Part 1

MindTelligent, Inc. is an Oracle Technologies focused corporation based in El Dorado Hills, CA.

This tutorial elucidates the steps involved in several methods for confirming that Agent registration
and the authentication and authorization policies are operational. The procedures are
nearly identical for both OAM Agents and OSSO Agents (mod_osso). However, OSSO
Agents use only the authentication policy and not the authorization policy.

Prerequisites

  • Users and groups who are granted access must exist in the primary LDAP User Identity Store that is registered with OAM 11g.
  • Agents must be registered to operate with OAM 11g. After registration, protected resources should be accessible with proper authentication without restarting the Administration or Managed Server.
  • Application domain, authentication policies, and authorization policies must be configured.

To verify authentication and access



  1. Using a Web browser, enter the URL for an application protected by the registered Agent to confirm that the login page appears (proving that the authentication redirect URL was specified appropriately). For example: http://myWebserverHost.us.abc.com:8100/resource1.html
  2. Confirm that you are redirected to the login page.
  3. On the Sign In page, enter a valid username and password when asked, and click Sign In.
  4. Confirm that you are redirected to the resource and proceed as follows:
     • Success: If you authenticated successfully and were granted access to the resource, the configuration is working properly.
     • Failure: If you received an error during login or were denied access to the resource, check the following:
            – Authentication Failed: Sign in again using valid credentials.
            – Access to URL ... denied: This userID is not authorized to access this resource.
            – Resource not Available: Confirm that the resource is available.
            – Wrong Redirect URL: Verify the redirect URL in the Administration
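
Steps 1 and 2 can also be checked without a browser. The following is an added example, not part of the original tutorial or of Oracle's tooling: it requests the protected resource with no session cookie and classifies the response. It assumes the Agent answers an unauthenticated request with an HTTP redirect to the login server; `LOGIN_HOST` is a hypothetical placeholder for your own login host and port.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: we want to inspect the 3xx itself


def fetch_unauthenticated(url, timeout=10):
    """Request url with no session cookie; return (status, Location header)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")


def classify(status, location, resource_url, login_host):
    """Map an unauthenticated response to the outcomes in the checklist above."""
    if status in (301, 302, 303, 307, 308) and location:
        # Resolve relative Location values against the resource URL.
        target = urlsplit(urljoin(resource_url, location)).netloc.lower()
        if target == login_host.lower():
            return "login-redirect"        # steps 1-2 pass
        return "wrong-redirect-url"        # redirect goes somewhere unexpected
    if status == 200:
        return "served-without-login"      # resource is not being protected
    if status == 404:
        return "resource-not-available"
    if status in (401, 403):
        return "access-denied"
    return "unexpected-response"


if __name__ == "__main__":
    # Resource URL from the tutorial; LOGIN_HOST is a hypothetical placeholder.
    RESOURCE = "http://myWebserverHost.us.abc.com:8100/resource1.html"
    LOGIN_HOST = "oam-login.example.com:14100"
    status, location = fetch_unauthenticated(RESOURCE)
    print(classify(status, location, RESOURCE, LOGIN_HOST))
```

A `served-without-login` result means the resource was returned with no authentication at all, which a browser test can miss if an earlier session cookie is still present.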

For questions, comments and feedback, please contact:
Harvinder Singh Saluja
