Troubleshooting a Forms Based AuthN Scheme #Oracle #IdM #OAM

The best part about my job is that I am constantly in a position to learn new things.  I like to learn and discover new things.  While troubleshooting a form-based authentication scheme in Oracle Access Manager (OAM) I found that you can test the login (i.e., verify the credentials) and bypass the  login form by entering the the protected url with the login and password in the query string  in the browser address bar.  This is a really handy way to make sure that the credentials you are using are actually valid (and as I learned as a kid watching cartoons after school … knowing is half the battle).

i.e.,

http://server/protected/page.html?login=jsmith&password=MyPwd

Here is the snippet from Oracle’s documentation:

To make sure that the authentication scheme is set properly, you can attempt to access a resource protected with that authentication scheme, adding the credentials as query string parameters. This simulates a form whose method is GET without actually using the form.

For example, suppose the authentication scheme uses the following creds challenge parameter:

creds:login password

In this example, if the protected URL is http://server/protected/page.html, you could launch a browser instance and type the following:

http://server/protected/page.html?login=jsmith&password=MyPwd

2 thoughts on “Troubleshooting a Forms Based AuthN Scheme #Oracle #IdM #OAM”

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top