How to Configure Oracle Access Manager (OAM) 11g so that the Applications are Secure and REST Calls will Keep Functioning
(Doc ID 2418193.1)
Last updated on July 17, 2018
Applies to: Oracle Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
How to Configure Oracle Access Manager (OAM) 11g so that the Applications are Secure and REST Calls will Keep Functioning?
The OAM environment protects several applications.
After a session idle timeout or a token validity timeout, requests to the resources are redirected to OAM.
The REST calls are unable to process the form they are presented with and are unable to retrieve the data they need to operate. The end user is confronted with a non-working application.
The problem can be circumvented by doing 2 things:
- Set the idle timeout and the token validity to 10 hours (big security impact on all applications)
- Configure the REST resource as “excluded” (REST calls no longer protected)
Neither of these configurations is a solution because they lower the level of security.
How can we configure OAM so that the applications are secure (token validity timeout set to 1 hour and no excluded resource) and the REST calls keep functioning after a timeout?