Oracle Access Manager Operation Error - Access To The URL Has Been Denied - When Authorization LDAP Access Rule Is Configured (Doc ID 1271706.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4.0.1 and later   [Release: 10g and later ]
Information in this document applies to any platform.

Symptoms

An application resource has been protected with Oracle Access Manager (OAM), and an OAM Policy Domain Authorization Rule has been configured with an LDAP rule to restrict access to users who have a specific attribute value set.

For example:

ldap:///dc=uk,dc=oracle,dc=com??sub?(appaccessflag=yes)


On access to the OAM protected page, after submitting credentials for a user with the LDAP attribute set, the following error occurs:

Oracle Access Manager Operation Error - Access to the URL has been denied


The URL displayed in the browser address bar is similar to the following, showing ErrAuthzDeny.

https://site.oracle.com/oberr.cgi?status%3D500%20errmsg%3DErrAuthzDeny%20p1%3Dcn%253djsmith%2Ccn%253dUsers%2CDC%253duk%2CDC%253doracle%2CDC%253dcom%20p2%3D%2Fappurl%2Fprotectedpage.html


The user LDAP entry has been checked and the attribute value is definitely set to the same value as specified in the LDAP access rule.


Steps to reproduce

1. Start a new browser session and access https://site.oracle.com/appurl/protectedpage.html
2. OAM prompts for login: submit valid OAM credentials.
3. Error page is displayed: Oracle Access Manager Operation Error - Access to the URL has been denied



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms