DCC Authentication Failure

After finally building my OAM 11.1.2.3.0 environment, I was playing with configuring a DCC with a custom Look and Feel. I thought I would have a look at the excellent article http://www.ateam-oracle.com/part-2-custom-login-and-logout-with-detached-credential-collector-dcc/ to give me a kick start to getting the ball rolling.

In there the following code is present

[code lang=”java”] <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head></head> <body> <h2> Enter your credentials </h2> <form action="/oam/server/auth_cred_submit" method="post" name="form"> Username: <input name="username" type="text" maxlength="25"> Password: <input name="password" type="password"> <input name="OAM_REQ" type="hidden" value=”<%= request.getHeader("OAM_REQ”) %>“> <input type="image" name="login" src="images/login.png" onclick="document.form.submit();"/> </form> </body> </html>[/code]

When I tried that I would get the following error screen on submission of a successful password after an initial password failure.
DCCErrorMessage
I could not figure out what the issue was straight away, as I was successfully POSTing the OAM_REQ data required. Then I decided to have a look at what actually was happening.
DCCErrorCapture
When the request failed, it was making a request for  images/login.png, which was overwriting the cookie of DCCtxCookie_xxxxxxx with a new value, causing there to be a mismatch in states between the OAM_REQ value and the DCCtxCookie_xxxxxxx value.
DCCIssue
After changing the JSP to not use JavaScript for submission, it worked.
[code lang="java"] <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head></head> <body> <h2> Enter your credentials </h2> <form action="/oam/server/auth_cred_submit" method="post" name="form"> Username: <input name="username" type="text" maxlength="25"> Password: <input name="password" type="password"> <input name="OAM_REQ" type="hidden" value=”<%= request.getHeader("OAM_REQ”) %>“> <input type="submit" name="login"/> </form> </body> </html>[/code]
DCCWorksCapture
So note to self, when having issues with OAM always check to see what is going on between the browser and OAM, as 9 times out of 10, it is something you have done, rather than OAM itself.
Loading Google+ Comments ...