How To Prevent OAM From Accepting Login Credentials In A HTTP GET Request
(Doc ID 2599800.1)
Last updated on SEPTEMBER 18, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later Information in this document applies to any platform.
Goal
How to configure the OAM server so that it will reject submission of authentication credentials when using the HTTP GET method.
For example, when accessing the URL http://<OAM_SERVER_HOSTNAME>:<OAM_SERVER_PORT>/oam/server/auth_cred_submit?&username=<USERNAME>&request_id=<REQUEST_ID>&password=<PASSWORD>&OAM_REQ=<OAM_REQ> the user should NOT be authenticated.
Solution
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!