Monday, October 17, 2016

OIM 11gR2 PS2: Enabling/Restricting the backURL Parameter for EIDM URLs



Step-by-Step Instructions:
Disabling whitelist validation and collecting values for the whitelist
1. Create and configure the OIM system property XL.AllowedBackURLsMode=Disable (see Mode above).

   An administrator can do this manually using the OIM console.

   Some customers may choose to script this as a post-installation step in the installation process.
2. Check the logs for warnings emitted by "OIMRedirectValidatorFilter::validateURL".
3. From the input URLs shown in those warnings, collect the set of distinct host-and-port combinations that OIM should allow (as targets for redirection).
4. Create the OIM system property XL.AllowedBackURLs (see Whitelist above) and add to it each combination of host and port that OIM should allow.
   Once committed, the change to XL.AllowedBackURLs should take effect immediately. Once a URI has been added to that whitelist, OIM should treat as valid any value of 'backURL' or 'endURL' that specifies the host from that URI. OIM should no longer log a warning for any value of 'backURL' or 'endURL' that specifies the host from any URI in the whitelist.
5. Once the administrator is confident that all necessary values have been added to the whitelist, an administrator should enable whitelist validation (see the next section below).

Enabling whitelist validation
1. Configure the OIM system property XL.AllowedBackURLsMode=Enforce (see Mode above).
   An administrator can do this manually using the OIM console. Please refer to http://docs.oracle.com/cd/E23943_01/doc.1111/e14308/system_props.htm#BABCBCEB
2. Check the logs for severe errors emitted by "OIMRedirectValidatorFilter::validateURL".
3. From the input URLs shown in those errors, collect the set of distinct host-and-port combinations that OIM should allow (as targets for redirection).
4. Add to the OIM system property XL.AllowedBackURLs (see Whitelist above) each combination of host and port that OIM should allow.
   Edit the OIM system property XL.AllowedBackURLs and, for each combination of host and port, add a URI that specifies the host and port. (OIM does not use the port number currently, but may do so in the future.)
   Once committed, the change to XL.AllowedBackURLs should take effect immediately. Once a URI has been added to that whitelist, OIM should treat as valid any value of 'backURL' or 'endURL' that specifies the host from that URI. OIM should redirect successfully to any value of 'backURL' or 'endURL' that specifies the host from any URI in the whitelist.
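
Step 3 of both procedures (collecting distinct host-and-port combinations from the validator's log messages) can be scripted. The following is an added example, not code from the original post or from Oracle; the log layout is an assumption (any line that names OIMRedirectValidatorFilter::validateURL and contains an http(s) URL), and the sample lines and helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: each relevant log line names the filter method and contains the
# rejected URL somewhere in its message; the page does not give the log layout.
MARKER = "OIMRedirectValidatorFilter::validateURL"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
DEFAULT_PORTS = {"http": 80, "https": 443}

def collect_host_ports(lines):
    """Return {(scheme, host, port): hits} for URLs on validator log lines."""
    seen = {}
    for line in lines:
        if MARKER not in line:
            continue
        for raw in URL_RE.findall(line):
            try:
                parts = urlsplit(raw.rstrip(".,;)"))
                port = parts.port or DEFAULT_PORTS[parts.scheme]
            except (ValueError, KeyError):
                continue  # malformed URL or port: leave for manual review
            if parts.hostname:
                key = (parts.scheme, parts.hostname.lower(), port)
                seen[key] = seen.get(key, 0) + 1
    return seen

def candidate_uris(seen):
    """Format each distinct combination as a URI for the administrator to review."""
    return sorted(f"{s}://{h}:{p}" for (s, h, p) in seen)

# Constructed sample lines, not real OIM output.
PREFIX = "<Warning> " + MARKER + " input url "
SAMPLE_LOG = [
    PREFIX + "https://portal.example.com/app/home",
    PREFIX + "https://PORTAL.example.com:443/other",
    PREFIX + "http://sso.example.com:14000/identity",
    PREFIX + "http://bad.example.com:notaport/x",
    "<Notice> SomeOtherFilter http://ignored.example.com/ unrelated",
]

if __name__ == "__main__":
    hits = collect_host_ports(SAMPLE_LOG)
    for uri in candidate_uris(hits):
        print(uri)
```

The output is a list of candidates only: while the mode is Disable, the log also records redirect targets supplied by anyone who called the URL, so add to XL.AllowedBackURLs only the hosts the administrator recognizes as ones OIM should allow.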

