OAM 10g: Webgate - Credential Mapping In Form Based Authentication Can't Search Strings Including A Backslash in the Username (Doc ID 1300610.1)

Last updated on MARCH 25, 2019

Applies to:

COREid Access - Version 10.1.4.3.0 and later
Information in this document applies to any platform.

Symptoms


In OAM, using IWA with Form Based Authentication, the Credential Mapping plugin is used with the parameters obMappingBase="dc=domain,dc=com" and obMappingFilter="(description=%LOGON_USER%)". The description attribute of the OID user is in domain\username format, so the string obtained from IWA through the LOGON_USER variable contains a backslash.

For some users the search is successful; you will observe that Access Manager escapes the backslash with another backslash. For other users, the backslash needs to be escaped with four backslashes. For example, domain\username1 is found when it is searched as domain\\username1, but domain\username2 is not found when it is searched as domain\\username2. When the search is executed as domain\\\\username2, it succeeds. Simulating the situation with an LDAP browser, you will observe that using four backslashes makes it possible to find any object that includes a backslash.

As a result, many users cannot log in via SSO, because they cannot be authenticated through OAM.
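The following is an added example, not Oracle's code and not the cause or solution from this note. It shows how the standard LDAP filter syntax (RFC 4515) treats a backslash in a filter value such as the one substituted into (description=%LOGON_USER%): the backslash is written as \5c, and a raw backslash is read together with the two characters that follow it. The function names and the sample usernames are constructed for illustration.

```python
import re

TEMPLATE = "(description=%LOGON_USER%)"  # obMappingFilter value from the note

# RFC 4515 section 3: these characters are written as \XX (hex) in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, logon_user: str) -> str:
    """Substitute the escaped LOGON_USER value into the filter template."""
    return template.replace("%LOGON_USER%", escape_filter_value(logon_user))


def decode_filter_value(encoded: str) -> bytes:
    """Strict RFC 4515 decoding: a backslash must be followed by two hex digits."""
    out = bytearray()
    i = 0
    while i < len(encoded):
        if encoded[i] == "\\":
            pair = encoded[i + 1:i + 3]
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                raise ValueError(f"invalid escape at offset {i}: {encoded[i:i + 3]!r}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.extend(encoded[i].encode("utf-8"))
            i += 1
    return bytes(out)


def raw_interpretation(logon_user: str) -> str:
    """Classify what a strict parser does with an unescaped value."""
    try:
        decoded = decode_filter_value(logon_user)
    except ValueError:
        return "rejected"      # backslash not followed by a hex pair
    return "ok" if decoded == logon_user.encode("utf-8") else "misread"


if __name__ == "__main__":
    for user in ("domain\\username2", "domain\\abe", "plainuser"):  # constructed samples
        print(f"{user!r}: raw={raw_interpretation(user)} escaped={build_filter(TEMPLATE, user)}")
```

Escaping with \5c decodes back to the same value for every username, whereas an unescaped backslash is handled differently depending on the characters after it.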

Cause
