Backend Authentication Problem - 401 request for LDAP RRS feed

  • Question

  • I'm trying to integrate Oracle Access Manager into UAG for providing SSO to an application not published through UAG.  OAM seems to have two auth mechanisms: forms (which was easy to solve with FormFill.xml) and a 401 request that uses basic auth and an LDAP query to Active Directory.

    The issue I'm having is that whenever I try and use UAG SSO to authenticate to the 401 request, I get the following error:

    The request from user DOMAIN\JSmith at source IP address X.X.X.X to trunk mytrunk; Secure=1 failed because the request was unable to reply to an HTTP 401 request from application OAM Login of type OAM. The session ID is 30EAAB10-AEF1-46C4-8244-E626CE29205D

    Testing outside of UAG, I can only successfully authenticate to OAM using JSmith for the username; if I use DOMAIN\JSmith or JSmith@DOMAIN.local, authentication fails.  Putting 2 and 2 together, I'm figuring UAG is trying to send the full domain creds in response to the 401.  Is there any way to configure only the username to be sent?

    I presume some sort of PostValidate or AppWrap may help, but I've never delved into this specifically before.

    My AD authentication repository is set to forest authentication.

    Friday, August 5, 2011 3:42 PM

Answers

  • Hi DNG,

    You could use a postpostvalidate.inc customization to create specially formatted copies of the lead user sessions and just store them in a dummy repository.

    This way, you will end up having two different sets of session user credentials, and you will be able to decide which application will get which type of credentials by flipping the repository name within the publishing rules.

    -Kai

    • Proposed as answer by Kai Wilke Sunday, August 14, 2011 12:05 AM
    • Marked as answer by Erez Benari Friday, August 26, 2011 10:37 PM
    Friday, August 5, 2011 7:32 PM