• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • How to protect Apache Shindig application using Oracle Access Manager 11g

    Posted by "" in "apache, idm, integration, oam" on 2012-05-04

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    Apache shindig is one of the famous gadget applications used accross various social sites. The technology used in the backend for this shindig application is XML/JS/CSS/HTML. The front end application page will be html and gadgets are available in the format of XML embedded in html.

    The shindig application URL looks like http://host:port/ShindigApp/index.htm. The Shindig application is deployed in Tomcat front ended by Apache Server. We installed a OAM 10g WebGate on Apache server and protected the above URL. Upon accessing the application it is redirecting to page where it shows “404 page not found”. It is imperative that in OAM 11g, webgates have DenyOnNotProtected value set to true by default there by all unprotected URLs will be denied with access.

    So I have used headers tool to find more specifics.

    The Apache Shindig application calls js URL internally while loading the application. The URL looks like


    The Shindig is loading the rpc.js which is not present in the shindig application – so I can’t make it out where exactly it is picking up. Upon googling I found that this is normal behavior of shindig while loading gadgets.

    So I have specified this URL as resource and save the resource. Since the URL has ../ the policy manager got corrupted and console was showing null entries for all policies.

    I am petrified with this. Atlast we have recovered the policy manager back to working state by some sql scripts – this is a topic for another day.

    So the choice to unprotecting shindig URLs is faded out. So I have tried setting DenyOnNotProtected flag to false and reconfigured webgate and I am able to access the OAM protected shindig application well.

    Hope this is useful.

    One Response to “How to protect Apache Shindig application using Oracle Access Manager 11g”

    1. […] We have a shindig application protected by OAM 11g using an Apache 10g WebGate. Please refer my previous post on how to protect Apache Shindig application using OAM […]

    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP