Month: March 2010

Hardware Load Balancers #Oracle #IdM #OAM


Many people ask how hardware-based load balancers should fit into an Oracle Access Manager (OAM) implementation. As a rule of thumb: load balancers should be placed in front of the web/application servers where the WebGates are installed (i.e., between the browser and the web server) and that is it. OAM has built-in load-balancing functionality and can manage fail-over on its own. This is referred to as software-based load balancing.

I have seen some environments where clients have put load balancers in between the Identity/Access servers and their directory servers. With OAM this is unnecessary and not advised. According to Oracle documentation,

“performance can be negatively affected by the load balancer, which can terminate a connection but fail to trigger a response that OAM can adjust to. This can cause outages.”

– Performance Tuning 3-39, http://download.oracle.com/docs/cd/E12530_01/oam.1014/e10353.pdf


Troubleshooting a Forms Based AuthN Scheme #Oracle #IdM #OAM


The best part about my job is that I am constantly in a position to learn new things. I like to learn and discover new things. While troubleshooting a form-based authentication scheme in Oracle Access Manager (OAM) I found that you can test the login (i.e., verify the credentials) and bypass the login form by entering the protected URL with the login and password in the query string in the browser address bar. This is a really handy way to make sure that the credentials you are using are actually valid (and as I learned as a kid watching cartoons after school … knowing is half the battle).

i.e.,

http://server/protected/page.html?login=jsmith&password=MyPwd

Here is the snippet from Oracle’s documentation:

To make sure that the authentication scheme is set properly, you can attempt to access a resource protected with that authentication scheme, adding the credentials as query string parameters. This simulates a form whose method is GET without actually using the form.

For example, suppose the authentication scheme uses the following creds challenge parameter:

creds:login password

In this example, if the protected URL is http://server/protected/page.html, you could launch a browser instance and type the following:

http://server/protected/page.html?login=jsmith&password=MyPwd
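
A GET request carries the credentials in the URL, and web server access logs typically record the full request line. The following is an added example, not code from this post or from Oracle's documentation: it reads the field names from the creds challenge parameter, then flags and redacts matching query-string values in access-log lines. The log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Challenge parameter as shown in the post; it names the credential fields.
CREDS_CHALLENGE = "creds:login password"

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2010:10:01:02 -0500] "GET /protected/page.html?login=jsmith&password=MyPwd HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2010:10:01:09 -0500] "GET /protected/page.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [12/Mar/2010:10:02:30 -0500] "GET /search?q=password+policy HTTP/1.1" 200 301',
]
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def cred_fields(challenge):
    """Return the field names listed in a 'creds:<name> <name>' parameter."""
    key, _, value = challenge.partition(":")
    if key.strip() != "creds":
        raise ValueError("not a creds challenge parameter")
    return set(value.split())


def redact_line(line, fields):
    """Return (redacted_line, names_of_credential_fields_found)."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    parts = urlsplit(match.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Match on parameter names, so a search term like "password" is not flagged.
    found = [name for name, _ in pairs if name in fields]
    if not found:
        return line, []
    cleaned = [(n, "REDACTED" if n in fields else v) for n, v in pairs]
    target = urlunsplit(parts._replace(query=urlencode(cleaned)))
    return line[:match.start("target")] + target + line[match.end("target"):], found


def scan(lines, challenge=CREDS_CHALLENGE):
    """Redact every line; also return 1-based numbers of lines that held credentials."""
    fields = cred_fields(challenge)
    results = [redact_line(line, fields) for line in lines]
    hits = [i for i, (_, found) in enumerate(results, 1) if found]
    return [text for text, _ in results], hits


if __name__ == "__main__":
    redacted, hits = scan(SAMPLE_LOG)
    print("lines with credentials:", hits, *redacted, sep="\n")
```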