
How To Prevent OAM From Accepting Login Credentials In A HTTP GET Request (Doc ID 2599800.1)

Last updated on SEPTEMBER 18, 2020

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

How to configure the OAM server so that it will reject submission of authentication credentials when using the HTTP GET method.

For example, when accessing the URL http://<OAM_SERVER_HOSTNAME>:<OAM_SERVER_PORT>/oam/server/auth_cred_submit?&username=<USERNAME>&request_id=<REQUEST_ID>&password=<PASSWORD>&OAM_REQ=<OAM_REQ> the user should NOT be authenticated.
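One way to check existing access logs for the request shape in the example URL above (an added example, not part of the Oracle document): it flags GET requests to `/oam/server/auth_cred_submit` that carry a `password` query parameter and redacts the value in its report. The Common Log Format layout, the sample lines and the function name `find_get_credential_submits` are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Path and parameter name are taken from the example URL in the Goal section.
CRED_SUBMIT_PATH = "/oam/server/auth_cred_submit"
SENSITIVE_PARAMS = {"password"}

# Assumption: logs use Common/Combined Log Format: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines; addresses, values and status codes are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Sep/2020:10:00:01 +0000] "GET /oam/server/auth_cred_submit?&username=jdoe&request_id=123&password=EXAMPLE&OAM_REQ=abc HTTP/1.1" 302 0',
    '10.0.0.5 - - [18/Sep/2020:10:00:05 +0000] "POST /oam/server/auth_cred_submit HTTP/1.1" 302 0',
    '10.0.0.6 - - [18/Sep/2020:10:00:09 +0000] "GET /oam/server/auth_cred_submit?username=jdoe&Pass%77ord=EXAMPLE HTTP/1.1" 403 0',
    '10.0.0.7 - - [18/Sep/2020:10:00:12 +0000] "GET /oam/server/logout HTTP/1.1" 200 512',
]

def find_get_credential_submits(lines):
    """Return (line_no, status, redacted_target) for every GET to the credential
    submit endpoint whose query string contains a password parameter."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != CRED_SUBMIT_PATH:
            continue
        # parse_qsl percent-decodes names and skips the empty pair left by "?&".
        params = parse_qsl(url.query, keep_blank_values=True)
        if not any(name.lower() in SENSITIVE_PARAMS for name, _ in params):
            continue
        redacted = "&".join(
            f"{name}=<redacted>" if name.lower() in SENSITIVE_PARAMS else f"{name}={value}"
            for name, value in params
        )
        hits.append((line_no, int(m["status"]), f"{url.path}?{redacted}"))
    return hits

if __name__ == "__main__":
    for line_no, status, target in find_get_credential_submits(SAMPLE_LOG):
        print(f"line {line_no}: status {status}: GET {target}")
```

The status code is reported for triage only; whether a given response means the login succeeded depends on the deployment.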

Solution



In this Document
Goal
Solution
 Search for the "Security" XML section
 If the "Security" XML section is already present in the oam-config.xml file
 If the "Security" XML section is not found in the oam-config.xml file
 Save the oam-config.xml file back to the database
 Restart the servers
 Troubleshooting
References

