Is there Any Way to Disable Logging in by Passing ID and Password in The URL in Oracle Access Manager 10g (OAM10.1.4.3)
(Doc ID 2004434.1)
Last updated on JUNE 07, 2017
Applies to:COREid Access - Version 10.1.4.3.0 and later
Information in this document applies to any platform.
Let's say I have a web page at "http://www.abc.com/abc/xyz".
Let's say this page requires a login. The login is setup to use a form login.
I am finding out that I can log in and access the page right away without doing form login by passing query parameters "ID=USER_ID&password=PASSWORD" (i.e. USER_ID is the id and PASSWORD is password) like this:
1. How is this possible? Is this some kind of feature in OAM10g that allows to bypass the form login?
2. Can I disable this feature so users cannot log in this way?
3. Will OAM11g have the same feature.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document