My Oracle Support Banner

Do the URLs in OAM Protect the Right Pages? (Doc ID 1943616.1)

Last updated on JANUARY 06, 2023

Applies to:

Oracle WebCenter Sites - Version and later
Information in this document applies to any platform.


For integrating WebCenter Sites and Remote Satellite Server with Oracle Access Manager 11.1.1.x:

1. On Remote Satellite Server, according to <Document 1929684.1>, you need this configuration for OAM:

/<RSS_context_root>/<ellipsis>/* Excluded NA NA     (e.g. /ss/.../* Excluded NA NA)

This means that all the resources under /ss/ are excluded by OAM.

2. On Webcenter Sites:
Following the "Table 23-1 Resources" in the doc you exclude all the resource under the Sites context but you protect resources /<sites_context_root>/ContentServer/.../* and /<sites_context_root>/Satellite/.../*:

/<sites_context_root>/…/* Excluded NA NA
/<sites_context_root>/ContentServer/…/* Protected Protected Protected
/<sites_context_root>/Satellite/…/* Protected Protected Protected

Using /<sites_context_root>/ContentServer/…/* and /<sites_context_root>/Satellite/…/* you protect only URLs like:

/servlet/ContentServer/test/home.htm or
/servlet/Satellite/example/index.htm or

or similar, but you don't protect URLS like

/servlet/ContentServer?pagename=myPage&c=MyAssetType&cid=1230987654321 or

Shouldn't these be protected as well?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.