Do the URLs in OAM Protect the Right Pages?
(Doc ID 1943616.1)
Last updated on JANUARY 06, 2023
Applies to:
Oracle WebCenter Sites - Version 11.1.1.8.0 and laterInformation in this document applies to any platform.
Goal
For integrating WebCenter Sites and Remote Satellite Server with Oracle Access Manager 11.1.1.x:
1. On Remote Satellite Server, according to <Document 1929684.1>, you need this configuration for OAM:
/<RSS_context_root>/<ellipsis>/* Excluded NA NA (e.g. /ss/.../* Excluded NA NA)
This means that all the resources under /ss/ are excluded by OAM.
2. On Webcenter Sites:
Following the "Table 23-1 Resources" in the doc https://docs.oracle.com/cd/E29542_01/doc.1111/e29751/oam_sites_int.htm#CHDDIBCI you exclude all the resource under the Sites context but you protect resources /<sites_context_root>/ContentServer/.../* and /<sites_context_root>/Satellite/.../*:
/<sites_context_root>/…/* Excluded NA NA
/<sites_context_root>/ContentServer/…/* Protected Protected Protected
/<sites_context_root>/Satellite/…/* Protected Protected Protected
Using /<sites_context_root>/ContentServer/…/* and /<sites_context_root>/Satellite/…/* you protect only URLs like:
/servlet/ContentServer/test/home.htm or
/servlet/Satellite/example/index.htm or
/servlet/Satellite/index.htm
or similar, but you don't protect URLS like
/servlet/ContentServer?pagename=myPage&c=MyAssetType&cid=1230987654321 or
/servlet/Satellite?pagename=myPage&c=MyAssetType&cid=1230987654321
Shouldn't these be protected as well?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |