Is there Any Way to Disable Logging in by Passing ID and Password in The URL in Oracle Access Manager 10g (OAM10.1.4.3)
Last updated on JUNE 07, 2017
Applies to:COREid Access - Version 10.1.4.3.0 and later
Information in this document applies to any platform.
Let's say I have a web page at "http://www.abc.com/abc/xyz".
Let's say this page requires a login. The login is setup to use a form login.
I am finding out that I can log in and access the page right away without doing form login by passing query parameters "ID=USER_ID&password=PASSWORD" (i.e. USER_ID is the id and PASSWORD is password) like this:
1. How is this possible? Is this some kind of feature in OAM10g that allows to bypass the form login?
2. Can I disable this feature so users cannot log in this way?
3. Will OAM11g have the same feature.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms