6-30 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager The proxy variables are of 3 types, depending upon the life span of the variable. The type of variable is determined by the first letter of the variable name, which can be one of: , , . All types of variables can be set using filters like SetVariable, SaveHeader, SaveParam, SaveResponse, and other filters. All types of variables can be unsetdeleted by the UnsetVariable filter. The ClearSession filter can be used to remove all session variables. Request variables Request variables: these variable names start with . These variables are associated with the current request and are deleted at the completion of the current request. Request variables are used where the value is not needed across requests. Session variables Session variables: these variable names start with . These variables are associated with the current proxy session and are deleted when the proxy session is cleaned up. Session variables are used where the value should be preserved across requests from a client. Global variables Global variables: these variable names start with . These variables are associated with the current proxy configuration and are deleted when the proxy configuration is unloaded. Global variables are used where the value needs to be preserved across requests and across clients. Global variables can be set at the proxy configuration load time using SetGlobal in the configuration file. In the UIO ISA Proxy, global variables can also be set by adding registry values under key HKLM\Software\Bharosa\Proxy\Globals. The name of each entry under this key should be the variable name, starting with . And the data of the entry should be the value of the variable. The registry-type of the value can be REG_DWORD, REG_SZ or REG_EXPAND_SZ. Pre-defined variables The UIO Proxy supports the following pre-defined request variables: Table 6–16 Pre-defined Variables Supported by the UIO Proxy Variable name Description RESPONSE_CONTENT This variable contains the contents of the entire response from the Web server for the current request. Forthe UIO Apache Proxy, RESPONSE_CONTENT has been deprecated. Please use SaveResponse, SaveHeader, SaveResponseCookie, and ReplaceText filters instead. REQUEST_CONTENT This variable contains the contents of the entire request from the client. For the UIO Apache Proxy, REQUEST_CONTENT has been deprecated. You can use SaveRequest, SaveHeader, and SaveRequestCookie filters instead. QUERY_STRING This variable contains the query string, starting with ?, for the current request URL. REQUEST_METHOD HTTP method verb for the request: GET, POST, and so on. REMOTE_HOST Hostname of the client or agent of the client. For the UIO Apache Proxy, you need to enable the hostname lookup by using the Apache directive HostnameLookups On. Oracle Adaptive Access Manager Proxy 6-31

6.6.1.8 Application

A single proxy installation can be used to provide multifactor authentication for multiple Web application that run in one or more Web servers. In the UIO Proxy configuration, an application is a grouping of interceptors defined for a single Web application. Request and response interceptors can be defined outside of an application in the proxy configuration file. These interceptors are called global interceptors and will be evaluated and executed prior to the interceptors defined in the applications.

6.6.2 Interception Process

An HTTP messages consist of requests from the client to server and responses from the server to client. HTTP is transaction oriented. A request from client to server will have a single response from the server to client. The request has a set of headers followed by, optionally, a request body. Similarly the response has headers and, optionally, a body. Since the proxy is sitting in between the client and the target application, it can modify the request headers, body and response headers and body of any HTTP request, using the configuration XML. Note that a response could be a normal 200 OK response or it could be a redirect response 302 or any other HTTP status response. In all these cases, the response is for that request and will trigger the response interceptors for the same request. An example, if the request is for the URL doLogin.do, and the response is a redirect 302 with the location of loginPage.jsp then all the request and response interceptors will be triggered for the URL doLogin.do. The next HTTP request is a HTTP GET on loginPage.jsp and this will cause all the request and response interceptors for loginPage.jsp to be triggered. When a request arrives, the proxy evaluates request interceptors defined for the URL in the order they are defined in the configuration file. Similarly when on receiving response from the Web server, the proxy evaluates response interceptors defined for the URL of the HTTP request in the order defined in the configuration file. If the conditions in an interceptor evaluate to true, the proxy will execute that interceptor i.e. execute the filters and action. After executing an interceptor, the proxy will continue with the next interceptor only if the following conditions are met: ■ no action is specified for the current interceptor ■ post-exec-action attribute for the current interceptor is continue It is highly recommended that the post-exec-action attribute be specified for interceptors that do not define an action. For global interceptors for example, the interceptors defined outside of any application, the default value of post-exec-action attribute is continue. The stop-phase-intercept value of post-exec-action on a request interceptor stops the request interception but continues with response interception while stop-intercept stops the interception completely for that request. For non-global interceptors, the default value is continue if no action is specified and stop-phase-intercept if an action is specified. REMOTE_ADDR IP address of the client or agent of the client. HTTP_HOST The content of HTTP Host header URL URL for the current request Table 6–16 Cont. Pre-defined Variables Supported by the UIO Proxy