How to Configure Oracle Access Manager (OAM) 11g so that the Applications are Secure and REST Calls will Keep Functioning (Doc ID 2418193.1)

Last updated on JULY 17, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

How to Configure Oracle Access Manager (OAM) 11g so that the Applications are Secure and REST Calls will Keep Functioning?

The OAM environment protects several applications.

Several of those applications use REST calls from JavaScript (from the browser) to retrieve data during usage.

After a session idle timeout or a token validity timeout, requests to the resources are redirected to OAM.

The REST calls cannot process the form they are presented with and cannot retrieve the data they need to operate. The end user is confronted with a non-working application.
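What this failure looks like from the calling JavaScript, as an added example (not part of the Oracle note and not its solution): the classifier below tells a real JSON answer apart from a redirect or login form so the application can prompt for re-authentication. It assumes the REST endpoints normally return JSON; the function names, verdict strings and sample responses are constructed for illustration.

```javascript
// Added example. Classifies what a browser-side REST call actually received.
// `res` is a fetch() Response or any object exposing the same fields.
function classifyRestResponse(res) {
  const ct = ((res.headers && res.headers.get('content-type')) || '').toLowerCase();
  const isJson = ct.includes('json');
  // fetch(url, { redirect: 'manual' }) reports a 3xx as an opaque redirect.
  if (res.type === 'opaqueredirect') return 'reauth-required';
  if (res.status === 401) return 'reauth-required';
  // A followed redirect that does not end on JSON landed on the login page.
  if (res.redirected && !isJson) return 'reauth-required';
  // A 2xx HTML body where JSON was expected is the login form itself.
  if (res.status >= 200 && res.status < 300 && ct.startsWith('text/html')) {
    return 'reauth-required';
  }
  if (res.status >= 200 && res.status < 300 && isJson) return 'ok';
  return 'error';
}

class SessionExpiredError extends Error {}

// Wrapper for application code: never hands a login form to a JSON parser.
// `fetchImpl` is injectable so the wrapper can be exercised without a network.
async function getJson(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    credentials: 'include',
    redirect: 'manual',
    headers: { Accept: 'application/json' },
  });
  const verdict = classifyRestResponse(res);
  if (verdict === 'reauth-required') throw new SessionExpiredError(url);
  if (verdict === 'error') throw new Error(`REST call failed: ${res.status}`);
  return res.json();
}

// Constructed sample responses (not captured from a real OAM deployment).
const hdr = (type) => new Map(type ? [['content-type', type]] : []);
const SAMPLES = {
  data: { type: 'basic', status: 200, redirected: false, headers: hdr('application/json') },
  manualRedirect: { type: 'opaqueredirect', status: 0, redirected: false, headers: hdr() },
  loginForm: { type: 'basic', status: 200, redirected: true, headers: hdr('text/html; charset=UTF-8') },
  serverError: { type: 'basic', status: 500, redirected: false, headers: hdr('text/html') },
};
```

On a `SessionExpiredError` the application can send the whole page through a normal top-level navigation, where the browser, unlike the script, can display the login form.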

The problem can be circumvented by doing 2 things:
- Set the idle timeout and the token validity to 10 hours (big security impact on all applications)
- Configure the REST resource as “excluded” (REST calls no longer protected)

Neither of these configurations is a solution because they lower the level of security.

How can we configure OAM so that the applications are secure (token validity timeout set to 1 hour and no excluded resource) and the REST calls will keep functioning after a timeout?
 

Solution
