Please Review this excellent blog posted by David Abramowicz, a Senior Sales Consultant for Oracle in Sweden, put together a how to for setting up OAM with multiple authentication types while maintaining the originally requested URL This post uses his idea but in different way.
Business Case: If a user is logged into their windows workstation in their intranet, and try to access any protected resource he should be able to access it seamlessly (Using IWA), User can login to their windows workstation either by using Active Directory account username/password, or using PIV card and PIN.
If IWA fails or if a user is trying to access the protected resource from outside of the network, user will be presented with option to choose either PIV(Cert) and Form based login.
Part I ( Make IWA work)
1. Configure AccessGate in OAM access management console.
2. Install WebGate on IIS ( I am using default website)
3. Create a folder under wwwroot/ called “protected”
4. Create a asp page called headers.asp (you can modify to test the headers) and empty test.html(nothing in this page)
5. Protect this directory in IIS Management console with IWA.
6. Create an authentication scheme in OAM admin console
7. Create a policy to protect the /protected folder on IIS.
8. Check the IWA authentication is successful by looking at obSSOCookie.