Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
An application has been successfully integrated with Oracle Access Manager (OAM) 11g Server for Single Sign-On (SSO).
Access to OAM-protected application pages is working except for pages with long URLs i.e. resources over 500 characters long.
When these resources are accessed in an unauthenticated browser session, varying behaviour is seen depending on browser product and version.
With Internet Explorer browser, error 'Internet Explorer cannot display the webpage' is displayed.
With Firefox browser, the browser may appear to hang or simply crash when the user is redirected to the OAM 11g login page.
Or with later Firefox versions, the OAM 11g login page may be displayed but when credentials are submitted the user is redirected to an error page. In this latter case, if TRACE:32 logging is enabled for the OAM Managed Server, the diagnostic log shows the errors 'OAMSSA-14003: Policy runtime failed' and 'OAMSSA-06191: The runtime request contains no resource'.
oracle.security.am.engines.authz.AuthorizationException: OAMSSA-14003: Policy runtime failed.
Caused by: oracle.security.am.common.policy.runtime.PolicyEvaluationException: OAMSSA-06191: The runtime request contains no resource.
... 36 more
This error occurs because the login request is sent without the OAM_REQ cookie. Although OAM issues a set-cookie when the user is redirected to the OAM 11g login page, Firefox does not successfully set the OAM_REQ cookie because the cookie value is excessively large.
If the user has already logged into OAM before accessing the long protected URL/page then there is no error and the application page is displayed successfully. The problem only occurs if long URL access triggers redirect to OAM for login.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms