New Features in OAM 22.214.171.124: Persistent Login (Remember Me)
One of the new features in OAM 11g R2 PS2 (126.96.36.199) is called Persistent Login also known as Remember Me. Basically this means that OAM will have the option to remember a user’s session for some defined period of time so even if they close their browser, they’ll be able to log back in again without providing credentials.
This is a common feature you see on many websites, but up until this point, in OAM 11g this feature was not available. It was possible with custom code but it was not out-of-the-box. Now with PS2, this is an out-of-the-box feature. In this blog post we will give you some pointers on configuring this new feature, with special emphasis on a few key points you won’t find in the Oracle documentation.
The Oracle documentation does a good job of walking you through the configuration, so we won’t cover these steps specifically. At a high level, you will need to:
- Check the “Allow Persistent Login” option on your Application Domain.
- Run a WLST command to enable persistent login globally in OAM
- Create a new Authentication Scheme with an additional Challenge Parameter: enablePersistentLogin=true
- Associate your resources with this new Authentication Scheme.
- For your Authorization Policies, add a new session response called allowPersistentLogin with value true.
All of these steps are fairly straightforward from the doc (which can be found here). The only key point missing is that it does not explicitly spell out that you need to check “Allow Persistent Login” for your Application Domain. This is buried in the introductory paragraph and it is easy to miss, so don’t forget this important step.
With these steps complete, the feature will now be enabled using the default out of the box login page.
Using A Custom Login Page
What the documentation doesn’t mention and isn’t completely clear about is how you can enable this feature with your own custom login page. Obviously not many customers stick with the default Oracle login page, so enabling this feature with a custom login page is essential.
To enable this feature with your own custom login page, you’ll simply need to add the following HTML form field to your login form:
- type: checkbox
- name: PersistentLogin
- value: true
That’s all there is to it.
To verify this functionality, access to your OAM protected resource, check the box, and login. When you close your browser and try again, you’ll find you will not be challenged for credentials. Take note of the new OAM_RM persistent cookie in your browser once this feature is enabled. If you remove this cookie, you will be challenged again for your credentials.