When you have configured the Oracle Commerce Platform to work with OAM, requests to log in to the Business Control Center are filtered by OAM.
If OAM receives a request that is not recognized as an existing valid SSO session, the user is directed to the centralized login form configured through OAM. Once there, the user must provide their login credentials to access the Business Control Center. Refer to your OAM documentation on creating a login screen.
If OAM does recognize an existing valid SSO session, the HTTP request is sent through the DAF servlet pipeline to the Business Control Center without directing the user to the OAM login form.
Once a user has been authenticated, OAM inserts a header name into the HTTP request. By default, OAM sets the header as OAM_REMOTE_USER. This header name can be configured to another value in OAM, or when you are configuring OAM integration with CIM. The header value is stored in the userIdHttpHeaderName property of the /atg/dynamo/servlet/dafpipeline/OamRemoteUserServlet.
As the HTTP request is processed by the DAF servlet pipeline, the /atg/userprofiling/ProfileRequestServlet component reviews the HTTP request to obtain the user profile based on the user ID provided in the header. The user profile is then loaded and made active when initiating the Business Control Center.
Note that when using OAM SSO authentication, the standard Oracle Commerce Platform login and user authentication process is disabled.
Logging in Transient Profiles
If the HTTP request does not have an Oracle Commerce Platform session cookie, and a new session has been created, the profile is considered to be transient. The /atg/dynamo/servlet/dafpipeline/OamRemoteUserServlet sets the value of the user ID from the HTTP request header into the remoteUser property of the DynamoHttpServletRequest. The servlet pipeline continues when the ProfileRequestServlet invokes the /atg/userprofiling/ProfileRequest to extract the user ID from the remoteUser property and uses it to load the associated user profile.
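A simplified model of the transient-profile flow described above, added here as an illustration and not Oracle Commerce Platform code. Only OAM_REMOTE_USER, userIdHttpHeaderName and remoteUser come from this page; the Python names, the constructed PROFILES data, and the behaviour for a missing header or an existing session are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_HEADER = "OAM_REMOTE_USER"  # default header name stated on this page

# Constructed sample profile store (hypothetical data).
PROFILES = {"jsmith": {"login": "jsmith", "role": "bcc-editor"}}

@dataclass
class Request:
    headers: dict
    has_session_cookie: bool = False
    remote_user: Optional[str] = None  # models the remoteUser property

def get_header(headers: dict, name: str) -> Optional[str]:
    """Look up a header; HTTP header names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip() or None  # treat an empty value as absent
    return None

def oam_remote_user_stage(req: Request, user_id_http_header_name: str) -> Request:
    """Models OamRemoteUserServlet: copy the user ID header into remoteUser.

    The page describes this only for a transient profile (no session cookie);
    the model leaves remoteUser untouched otherwise (assumption).
    """
    if not req.has_session_cookie:
        req.remote_user = get_header(req.headers, user_id_http_header_name)
    return req

def profile_request_stage(req: Request, profiles: dict) -> Optional[dict]:
    """Models ProfileRequestServlet: load the profile named by remoteUser."""
    if req.remote_user is None:
        return None  # assumption: no user ID means no profile is loaded
    return profiles.get(req.remote_user)

def run_pipeline(req: Request, profiles: dict,
                 header_name: str = DEFAULT_HEADER) -> Optional[dict]:
    """Run both stages in the order the page describes."""
    return profile_request_stage(oam_remote_user_stage(req, header_name), profiles)

if __name__ == "__main__":
    ok = Request(headers={"OAM_REMOTE_USER": "jsmith"})
    print("default header:", run_pipeline(ok, PROFILES))
    # If the header name is changed in OAM, userIdHttpHeaderName must match it.
    renamed = Request(headers={"OAM_REMOTE_USER": "jsmith"})
    print("mismatched name:", run_pipeline(renamed, PROFILES, "X-SSO-USER"))
```

In this model the loaded profile depends entirely on the header value, and a header name changed in OAM without the matching userIdHttpHeaderName change yields no profile.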
For detailed information on the ProfileRequestServlet, refer to the Platform Programming Guide and the Personalization Programming Guide.
For information on the DAF servlet pipeline, refer to the Request Handling with Servlet section in the Platform Programming Guide.