OAM 11g WNA Authentication Fails for Legacy Application that use OAM_REMOTE_USER
(Doc ID 1410337.1)
Last updated on MAY 23, 2017
Applies to:
Oracle Access Manager - Version 11.1.1.5.0 and laterInformation in this document applies to any platform.
Symptoms
- OAM 11g WNA Authentication Fails for Legacy Application that use OAM_REMOTE_USER
- Oracle Access Manager 11g (OAM 11.1.1.5) WNA
- The default OAM identity store is OID
- The Kerberos autn module is being used
- The login attribute is orclsamaccountname, which matches the AD samaccountname
- WNA works as expected when...
- OAM and WNA using a static page
- OAM WNA and WebCenter Portal, if the value attribute used for the OAM default Identity store equals the value of the WLS Identity Asserter attribute value equals the AD samaccontname value.
- The issue only occurs when the WLS Identity Asserter attribute value does not equal the value of AD samaccontname.
- The OAM WNA is successful, but when it tries to do additional authorization via WLS identity asserter, it fails and presents the user with a application login. Since the OAM_Remote_USER is tha value of the OAM login attribute (orclasmaccountname)but the WLS identity asserter attribute (UID) does not.
- The customer feels that this same exact configuration/setup worked with Oracle application server and OSSO 10g.
- Since OAM 11g is the direct replacement for this, then it should work the same and no changes should be needed in its design and or architecture.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |