OAM 11g: Login Error 'Internet Explorer cannot display the webpage' or Firefox Crash/Hang When Accessing Long Protected URL / OAMSSA-14003 Policy runtime failed / OAMSSA-06191: The runtime request contains no resource (Doc ID 1348419.1)

Last updated on AUGUST 24, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Symptoms

An application has been successfully integrated with Oracle Access Manager (OAM) 11g Server for Single Sign-On (SSO).

Access to OAM-protected application pages is working except for pages with long URLs i.e. resources over 500 characters long.

When these resources are accessed in an unauthenticated browser session, varying behaviour is seen depending on browser product and version.

With Internet Explorer browser, error 'Internet Explorer cannot display the webpage' is displayed.

With Firefox browser, the browser may appear to hang or simply crash when the user is redirected to the OAM 11g login page.

Or with later Firefox versions, the OAM 11g login page may be displayed but when credentials are submitted the user is redirected to an error page. In this latter case, if TRACE:32 logging is enabled for the OAM Managed Server, the diagnostic log shows the errors 'OAMSSA-14003: Policy runtime failed' and 'OAMSSA-06191: The runtime request contains no resource'.

For example:

[2011-06-25T11:08:25.907-05:00] [oam_server1] [TRACE:16] [] [oracle.oam.engine.authz] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: xx] [SRC_CLASS: oracle.security.am.engines.authz.AuthorizationEngine] [APP: oam_server] [SRC_METHOD: isResourceProtected] THROW[[
oracle.security.am.engines.authz.AuthorizationException: OAMSSA-14003: Policy runtime failed.
at oracle.security.am.engines.authz.AuthorizationEngine.isResourceProtected(AuthorizationEngine.java:183)
at oracle.security.am.engines.enginecontroller.AuthzEngineController.checkProtected(AuthzEngineController.java:373)
at oracle.security.am.engines.enginecontroller.AuthzEngineController.processEvent(AuthzEngineController.java:159)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:354)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:517)
.....
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.security.am.common.policy.runtime.PolicyEvaluationException: OAMSSA-06191: The runtime request contains no resource.
at oracle.security.am.common.policy.runtime.PolicyRuntimeImpl.isResourceProtected(PolicyRuntimeImpl.java:143)
at oracle.security.am.engines.authz.AuthorizationEngine.isResourceProtected(AuthorizationEngine.java:181)
... 36 more



This error occurs because the login request is sent without the OAM_REQ cookie. Although OAM issues a set-cookie when the user is redirected to the OAM 11g login page, Firefox does not successfully set the OAM_REQ cookie because the cookie value is excessively large.

If the user has already logged into OAM before accessing the long protected URL/page then there is no error and the application page is displayed successfully. The problem only occurs if long URL access triggers redirect to OAM for login.


Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms