How To Prevent OAM From Accepting Login Credentials In A HTTP GET Request (Doc ID 2599800.1)

Last updated on SEPTEMBER 18, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

How to configure the OAM server so that it will reject submission of authentication credentials when using the HTTP GET method.

For example, when accessing the URL http://<OAM_SERVER_HOSTNAME>:<OAM_SERVER_PORT>/oam/server/auth_cred_submit?&username=<USERNAME>&request_id=<REQUEST_ID>&password=<PASSWORD>&OAM_REQ=<OAM_REQ> the user should NOT be authenticated.

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

Search for the "Security" XML section

If the "Security" XML section is already present in the oam-config.xml file

If the "Security" XML section is not found in the oam-config.xml file

Save the oam-config.xml file back to the database

Restart the servers

Troubleshooting

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

How To Prevent OAM From Accepting Login Credentials In A HTTP GET Request (Doc ID 2599800.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!