By default, OAM populates the OAM_REMOTE_USER attribute with the User Login value after authentication.
If a third-party application is integrated with OAM for single sign-on, that application consumes the OAM_REMOTE_USER attribute for further work.
A customer may want the downstream application to use a different attribute than User Login. The steps below achieve this:
1. Navigate to your Application Domain --> Open the Authorization Policy attached to your protected resources.
2. Open the Responses tab and add the parameter you want to pass to the downstream application for its use.
For example:
Name : OAM_ASSERT_ATTR
Type : Header
Value : $user.attr.mail
3. In the downstream application's Admin Server, create an OAMIdentityAsserter. In the Common section, under Active Types, select OAM_REMOTE_USER and OAM_IDENTITY_ASSERTION.
4. In the Provider Specific section, provide the value OAM_ASSERT_ATTR as the SSOHeader Name.
Monday, 28 September 2015
OAM (11.1.2.2.6) LockoutAttempts allows an extra failed attempt beyond the value configured in oam-config.xml
Suppose you have Webgate-OAM (11.1.2.2.6) configured with OUD (or any idstore) for user authentication, and you have configured LockoutAttempts in oam-config.xml to 3, or any count as per your requirement.
So in OAM you are allowing only 3 failed login attempts, after which the user is locked. But the data shows the following:
1. The user makes 3 failed login attempts and is locked; oblockedon is set to the current time and trycount is set to 3.
2. After some time the user makes a 4th failed login attempt; oblockedon is updated to the current time and trycount is set to 4.
3. After some more time, one more failed attempt is made and no data is modified.
This is a bug in OAM 11.1.2.2.6. Oracle bug:
Bug 21224281 - OBLOGINTRYCOUNT AND OBLOCKEDON GET INCREMENTED PAST THE "LOCKOUTATTEMPTS" VALUE
This issue will be resolved in the latest OAM patch.
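An added example, not part of the original post: a Python check that scans an LDIF export of the identity store and reports entries whose oblogintrycount has gone past the configured LockoutAttempts, which is the symptom described above. The sample entries, their DNs and the oblockedon timestamp format are constructed assumptions; the script treats oblockedon as an opaque string.

```python
import re

# Constructed sample LDIF (not real data); the oblockedon format is an assumption.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
oblogintrycount: 4
oblockedon: 20150928101500Z

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
obLoginTryCount: 3
oblockedon: 20150928093000Z

dn: uid=carol-with-a-long-name,ou=people,dc=exam
 ple,dc=com
uid: carol
oblogintrycount: 1
"""

def parse_ldif(text):
    """Yield one dict per entry; unfolds wrapped lines, lowercases attribute names."""
    text = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):
                continue  # "attr:: ..." is base64; not needed for this check
            entry.setdefault(name.strip().lower(), value.strip())
        if "dn" in entry:
            yield entry

def over_limit(ldif_text, lockout_attempts):
    """Return (dn, trycount, oblockedon) for entries whose counter passed the limit."""
    hits = []
    for entry in parse_ldif(ldif_text):
        raw = entry.get("oblogintrycount", "")
        if not raw.isdigit():
            continue  # attribute absent or not numeric
        if int(raw) > lockout_attempts:
            hits.append((entry["dn"], int(raw), entry.get("oblockedon")))
    return hits

if __name__ == "__main__":
    for dn, count, locked_on in over_limit(SAMPLE_LDIF, 3):
        print(f"{dn}: oblogintrycount={count} oblockedon={locked_on}")
```

Pass the same number you set for LockoutAttempts in oam-config.xml as the second argument.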