Oracle Access Manager Authorization

Overview

This filter enables you to authorize an authenticated user for a particular resource against Oracle Access Manager (OAM). The user must first have been authenticated to OAM using the HTTP basic authentication or HTTP digest authentication filter. After successful authentication, OAM issues a Single Sign On (SSO) token, which can then be used instead of the user name and password.

General Configuration

Configure the following general fields:

Name:

Enter a descriptive name for this filter.

Attribute Containing SSO Token:

Enter the name of the message attribute that contains the user's SSO token. This attribute is populated when the user authenticates to Oracle Access Manager using the HTTP basic authentication or HTTP digest authentication filter. By default, the SSO token is stored in the oracle.sso.token message attribute.

Request Configuration

Configure the following fields to authorize a user for a particular resource against Oracle Access Manager:

Resource Type:

Enter the resource type for which you are requesting access (for example, http for access to a Web-based URL).

Resource Name:

Enter the name of the resource for which the user is requesting access. The default is //hostname${http.request.uri}, which contains the original path requested by the client.

Operation:

In most access management products, it is common to authorize users for a limited set of actions on the requested resource. For example, users with management roles may be able to write (HTTP POST) to a certain Web service, but users with more junior roles might only have read access (HTTP GET) to the same service.

You can use this field to specify the operation that you want to grant the user access to on the specified resource. By default, this field is set to the http.request.verb message attribute, which contains the HTTP verb used by the client to send the message to the API Gateway (for example, POST).

Include Query String:

Select whether the OAM server uses the HTTP query string parameters to determine the policy that protects this resource. This setting is optional if the configured policies do not rely on the query string parameters. This setting is not configured by default.
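
The following Python sketch is an added example, not part of the product documentation or of Oracle's SDK. It models how the Resource Type, Resource Name, Operation and Include Query String fields combine into one authorization request, and why the query string setting matters when a policy depends on query parameters. The rule table, the example.query attribute name and the default-deny outcome are assumptions of this model, not OAM behavior.

```python
import re
from urllib.parse import parse_qs

# Constructed message attributes; "example.query" is a hypothetical name.
GET_MSG = {"http.request.uri": "/payroll/report",
           "http.request.verb": "GET", "example.query": "dept=finance"}
POST_MSG = dict(GET_MSG, **{"http.request.verb": "POST"})

# Constructed rules standing in for OAM policies:
# (role, resource type, resource name, operations, required query parameters)
RULES = [
    ("manager", "http", "//hostname/payroll/report", {"GET", "POST"}, {}),
    ("junior", "http", "//hostname/payroll/report", {"GET"}, {"dept": "finance"}),
]

def expand(template, message):
    """Replace each ${name} selector with that message attribute's value."""
    def lookup(match):
        name = match.group(1)
        if name not in message:
            raise KeyError(f"no message attribute for selector {name!r}")
        return message[name]
    return re.sub(r"\$\{([^}]+)\}", lookup, template)

def build_request(message, resource_type="http",
                  resource_name="//hostname${http.request.uri}",
                  operation="${http.request.verb}",
                  include_query_string=False):
    """Assemble the tuple sent for authorization from the filter's fields."""
    query = message.get("example.query") if include_query_string else None
    return (resource_type, expand(resource_name, message),
            expand(operation, message), query)

def authorize(role, request):
    """Default deny: allow only when a rule matches every part of the request."""
    rtype, resource, operation, query = request
    params = parse_qs(query) if query else {}
    for r_role, r_type, r_name, r_ops, r_query in RULES:
        if (r_role, r_type, r_name) != (role, rtype, resource):
            continue
        if operation in r_ops and all(params.get(k) == [v]
                                      for k, v in r_query.items()):
            return True
    return False

if __name__ == "__main__":
    for role, msg, inc in [("manager", POST_MSG, False), ("junior", POST_MSG, False),
                           ("junior", GET_MSG, False), ("junior", GET_MSG, True)]:
        print(role, msg["http.request.verb"], inc,
              authorize(role, build_request(msg, include_query_string=inc)))
```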

OAM Access SDK Configuration

Configure the following fields for the OAM Access SDK:

OAM ASDK Directory:

Enter the path to your OAM Access SDK directory. For more details on the OAM Access SDK, see your Oracle Access Manager documentation.

OAM ASDK Compatibility Mode:

Select the Oracle Access Manager server version to which this filter connects (10g or 11g). Defaults to 11g.