OIF 11g: Getting Fed-15065 Error While using Load Balancer in front of OIF (Doc ID 1355926.1)

Last updated on JUNE 07, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Configuration:
Multiple OIF instances behind the load balancer, exposing a single hostname (VIP/virtual IP)
When an XASP attribute request is sent to the IDP/AA using the VIP instead of the actual hostname on which OIF is running, a FED-15065 error appears in the wls_oif1.out log file.

This message indicates that the Destination field in the SOAP message (i.e., the Destination attribute in the SAML assertion inside the XASP request) does not match "the actual request URL". The log messages show the VIP hostname as the destination (which is what we set into the SOAP request) and for the "actual request URL", the log message is showing the hostname of the physical server on which one of the OIF instances is running.

For example, if the VIP hostname is lb.company.com, which load balances OIF1.company.com and OIF2.company.com, the OIF log message says something like:

FED-15065 - The destination field (http://lb.company.com/fed/aa/soap) does not match the actual request URL http://OIF1.company.com/fed/aa/soap
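To triage these entries across instances, the following added example (not Oracle's code and not part of the original note) parses FED-15065 lines in the wording quoted above and reports which URL components differ between the Destination and the URL the instance saw. The function names and sample lines are constructed, and the log layout is assumed to match the quoted message.

```python
import re
from urllib.parse import urlsplit

# Pattern follows the FED-15065 wording quoted on this page (assumed layout);
# it tolerates a trailing quote character after the second URL.
FED_15065 = re.compile(
    r"FED-15065\b.*?destination field \((?P<dest>[^)\s]+)\)"
    r".*?actual request URL:?\s*(?P<actual>[^\s\"']+)",
    re.IGNORECASE,
)
DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    """Normalise a URL so case and implicit default ports do not count as differences."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {"scheme": scheme, "host": (u.hostname or "").lower(),
            "port": u.port or DEFAULT_PORTS.get(scheme), "path": u.path or "/"}

def triage(line):
    """Return None for unrelated lines, else which components of the two URLs differ."""
    m = FED_15065.search(line)
    if not m:
        return None
    dest, actual = _parts(m["dest"]), _parts(m["actual"])
    differs = [k for k in dest if dest[k] != actual[k]]
    return {"destination": m["dest"], "actual": m["actual"],
            "differs": differs, "host_only": differs == ["host"]}

def summarize(lines):
    """Count mismatches per (Destination host, host the OIF instance saw)."""
    counts = {}
    for line in lines:
        r = triage(line)
        if r:
            key = (_parts(r["destination"])["host"], _parts(r["actual"])["host"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines modelled on the message above (not real log output).
SAMPLE = [
    'FED-15065 - The destination field (http://lb.company.com/fed/aa/soap) does not match the actual request URL http://OIF1.company.com/fed/aa/soap"',
    "FED-15065 - The destination field (http://lb.company.com/fed/aa/soap) does not match the actual request URL http://OIF2.company.com/fed/aa/soap",
    "FED-15065 - The destination field (https://lb.company.com/fed/aa/soap) does not match the actual request URL http://OIF2.company.com:7499/fed/aa/soap",
    "Server started in RUNNING mode",
]

if __name__ == "__main__":
    for (dest_host, seen_host), n in summarize(SAMPLE).items():
        print(f"{n} mismatch(es): Destination host {dest_host}, instance saw {seen_host}")
```

A result with `host_only` set to True means the two URLs differ only in hostname, as in the VIP versus physical server case described in the symptoms; any other combination points to a scheme, port or path difference as well.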

Cause
