- Make sure APEX functions with standard (APEX user based) security, even through OAM; this means
- Allow /APEX/**
- Allow /i/**
- Protect /apex/apex_authentication.callback
Not true, just add it. What the extra entries are for is beyond me, APEX will just recognize one value in the header...
No, it should be called whatever you named it in Access Manager: OAM_REMOTE_USER.
Next step: WNA+OAM+APEX - anyone done that?