How to allow multiple login attributes in OAM/OAAM integration using a custom TAP module (Doc ID 2190079.1)

Last updated on FEBRUARY 10, 2017

Applies to:

Oracle Adaptive Access Manager - Version 11.1.2.2.0 to 11.1.2.3.0 [Release 11gR2]
Oracle Access Manager - Version 11.1.2.2.2 to 11.1.2.3.0 [Release 11g]
Information in this document applies to any platform.

Goal

The requirement is to allow users to choose at login time from 2 different attributes from LDAP (e.g. uid and email address). For login user enters username and password on the OAAM page used when integrated with OAM (oaam_server/oamLoginPage.jsp).

Doing so, however, will imply that OAAM will have to keep two security profiles corresponding to each login attribute. When user is authenticated using a different attribute for the first time he will be seen as a new user (OAAM will create a new user record with login_id set to the new attribute value in the VCRYPT_USERS database table) so the registration process will take place again.

This will affect as well any pattern, behavior data which OAAM registers for that user (which will actually be seen by OAAM as 2 users now) so it's not recommended in case one wants to have highly accurate login and pattern data for each user.

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms