Logging into Oracle.com SSO Site (OAM) Programmatically
In most real-world projects, we usually have a scenario where we need to log in to a third-party SSO site (which implements OAM) from a custom page. In this article, we shall see how to write a custom login page which logs in directly to the oracle.com website and opens the Oracle welcome page after logging in.
You can download the files from below location:-
Download Here
1. URLUtility.class, which uses HttpURLConnection and gets a valid OAM_REQ transient cookie value. Snapshot of code is pasted:-
package foo;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.URL;

public class URLUtility {

    public static String getOAM_REQ() {
        try {
            String url =
                "http://www.oracle.com/webapps/redirect/signon?nexturl=https://support.oracle.com/cloud/faces/index";
            // First set the default cookie manager.
            CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
            URL obj = new URL(url);
            HttpURLConnection conn = (HttpURLConnection) obj.openConnection();
            conn.addRequestProperty("User-Agent", "Mozilla");
            System.out.println("Request URL ... " + url);

            boolean redirect = false;
            // normally, 3xx is redirect
            int status = conn.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                if (status == HttpURLConnection.HTTP_MOVED_TEMP
                        || status == HttpURLConnection.HTTP_MOVED_PERM
                        || status == HttpURLConnection.HTTP_SEE_OTHER)
                    redirect = true;
            }
            System.out.println("Response Code ... " + status);

            if (redirect) {
                // get redirect url from "location" header field
                String newUrl = conn.getHeaderField("Location");
                // get the cookie if need, for login
                String cookies = conn.getHeaderField("Set-Cookie");
                System.out.println("Redirect to URL : " + newUrl);
                URL newUrlObj = new URL(newUrl);
                // open the new connection again
                conn = (HttpURLConnection) newUrlObj.openConnection();
                // the first response may carry no Set-Cookie header at all
                if (cookies != null) {
                    conn.setRequestProperty("Cookie", cookies);
                }
                conn.addRequestProperty("User-Agent", "Mozilla");
                System.out.println("Response Code ... " + conn.getResponseCode());
            }

            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            String inputLine;
            StringBuffer html = new StringBuffer();
            while ((inputLine = in.readLine()) != null) {
                html.append(inputLine);
            }
            in.close();
            String htmlStr = html.toString();
            System.out.println("URL Content... \n" + htmlStr);
            System.out.println("Done");

            // Locate the OAM_REQ value in the login page; return null if the
            // marker is missing instead of cutting an arbitrary substring.
            String marker = "OAM_REQ\" value=\"";
            int markerIndex = htmlStr.indexOf(marker);
            if (markerIndex < 0) {
                return null;
            }
            int beginIndex = markerIndex + marker.length();
            int endIndex = htmlStr.indexOf("\"><", beginIndex);
            if (endIndex < 0) {
                return null;
            }
            System.out.println("beginIndex=" + beginIndex);
            System.out.println("endIndex=" + endIndex);
            String OAM_REQ = htmlStr.substring(beginIndex, endIndex);
            return OAM_REQ;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}
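2. customLoginDirectly.jsp, which calls URLUtility.getOAM_REQ() and redirects to the OAM login URL. Code snapshot pasted below:-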
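<!DOCTYPE html>
<%@ page contentType="text/html;charset=UTF-8"%>
<%
    String userName = "ENTER_VALID_USER_NAME";
    String pwd = "ENTER_VALID_PASSWORD";
    String oam_req = foo.URLUtility.getOAM_REQ();
    if (oam_req == null) {
        // getOAM_REQ() returns null when the login page could not be fetched or parsed.
        response.sendError(HttpServletResponse.SC_BAD_GATEWAY, "Could not obtain OAM_REQ");
        return;
    }
    // URL-encode every value so reserved characters (&, =, +, /) survive the query string.
    String finalUrl = "https://login.oracle.com/oam/server/auth_cred_submit?username="
        + java.net.URLEncoder.encode(userName, "UTF-8")
        + "&password=" + java.net.URLEncoder.encode(pwd, "UTF-8")
        + "&OAM_REQ=" + java.net.URLEncoder.encode(oam_req, "UTF-8");
    // finalUrl carries the password in its query string, so it is not printed to the
    // server log; the same URL is still visible in browser history and proxy/access logs.
    response.sendRedirect(finalUrl);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
</body>
</html>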
3. When customLoginDirectly.jsp is run, you will be logged into the session and https://support.oracle.com/cloud/faces/index will open.
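The two fragile points in the steps above are the fixed-string search for OAM_REQ and the password travelling in a GET query string. The following is an added example, not part of the original article or its download: it extracts the field with a pattern that reports a missing value, builds the same three fields as a URL-encoded form body, and masks the password before logging. It assumes the endpoint accepts these fields as a form POST; the class name, sample HTML and credentials are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OamFormExample {  // hypothetical class name
    // Matches the input by name (name before value, as the article's marker assumes).
    private static final Pattern OAM_REQ_INPUT = Pattern.compile(
        "<input\\b[^>]*\\bname=\"OAM_REQ\"[^>]*\\bvalue=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    // Returns the OAM_REQ field value, or null when the page has none.
    static String extractOamReq(String html) {
        Matcher m = OAM_REQ_INPUT.matcher(html);
        return m.find() ? m.group(1) : null;
    }

    // Builds an application/x-www-form-urlencoded body (Java 10+ encode overload).
    static String formBody(Map<String, String> fields) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8)).append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // Masks the password value so the body is safe to write to a log.
    static String redact(String body) {
        return body.replaceAll("(^|&)password=[^&]*", "$1password=***");
    }

    public static void main(String[] args) {
        // Constructed sample fragment of a login page; not captured from a real server.
        String html = "<form action=\"/oam/server/auth_cred_submit\" method=\"post\">"
            + "<input type=\"hidden\" name=\"OAM_REQ\" value=\"VERSION_4~abc+/=\">"
            + "<input name=\"username\"></form>";
        String oamReq = extractOamReq(html);
        if (oamReq == null) throw new IllegalStateException("OAM_REQ field not found");
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("username", "user@example.com"); // placeholder
        fields.put("password", "p&ss=word");        // placeholder with reserved characters
        fields.put("OAM_REQ", oamReq);
        System.out.println(redact(formBody(fields)));
        System.out.println(extractOamReq("<html>no form here</html>") == null);
    }
}
```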
Brief flow when we log in to oracle.com
Reference: http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/sso.htm#autoId0
SSO Log-in with Embedded Credential Collector and OAM Agents
Process overview: SSO Login Processing with Embedded Credential Collector and OAM Agents
- The user requests a resource.
- Webgate forwards the request to Access Manager for policy evaluation.
- Access Manager:
  - Checks for the existence of an SSO cookie.
  - Checks policies to determine if the resource is protected and if so, how?
- Access Manager Server logs and returns decisions.
- Webgate responds as follows:
  - Unprotected Resource: Resource is served to the user.
  - Protected Resource: Request is redirected to the credential collector. The login form is served based on the authentication policy. Authentication processing begins.
- User sends credentials.
- Access Manager verifies credentials.
- Access Manager starts the session and creates the following host-based cookies:
  · One per Agent: OAMAuthnCookie set by 11g Webgates (ObSSOCookie set by 10g Webgate) using the authentication token received from the OAM Server after successful authentication.
    Note: A valid cookie is required for a session.
  · One for OAM Server: OAM_ID
- Access Manager logs Success or Failure.
- Credential collector redirects to Webgate and authorization processing begins.
- Webgate prompts Access Manager to look up policies, compare the user's identity, and determine the user's level of authorization.
- Access Manager logs policy decision and checks the session cookie.
- OAM Server evaluates authorization policies and caches the result.
- OAM Server logs and returns decisions.
- Webgate responds as follows:
  - If the authorization policy allows access, the desired content or applications are served to the user.
  - If the authorization policy denies access, the user is redirected to another URL determined by the Administrator.