OIF SP-initiated SSO With 3rd Party IdP Causes OAM Error "System error. Please re-try your action......" (Includes An Explanation Of How RelayState Parameter Is Used By OIF)
(Doc ID 1415943.1)
Last updated on OCTOBER 09, 2019
Applies to:
Oracle Identity Federation - Version 11.1.1.5.0 to 11.1.1.2.0 [Release 11g]
Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
Symptoms
After following the steps to integrate Oracle Access Manager (OAM) 11.1.1.5.0 with Oracle Identity Federation (OIF) 11.1.1.5.0 in SP mode, accessing a resource protected by the OAM OIF authentication scheme (OIFScheme) and submitting credentials on the Identity Provider (IdP) login page results in an Oracle Access Manager page with a blue background displaying the message:
Documentation reference:
Oracle Fusion Middleware Integration Guide for Oracle Access Manager 11g Release 1 (11.1.1)
4.3 Integrate Oracle Identity Federation in SP Mode
The OAM managed server diagnostic log shows an error similar to the following:
[2011-12-29T22:10:52.981+00:00] [] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <>] [ecid: ] [APP: ] [URI: /oam/server/dap/cred_submit] Error occurred while handling the request.[[
oracle.security.am.common.utilities.exception.AmRuntimeException: java.net.MalformedURLException: no protocol: <RELAY_STATE_VALUE>
....
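A triage aid for the diagnostic-log symptom above, added here as an example and not Oracle's code: it scans log lines in this layout for OAM-00002 errors raised at /oam/server/dap/cred_submit whose exception is `MalformedURLException: no protocol`, and reports the rejected value (shown as <RELAY_STATE_VALUE> in the excerpt). The function name and every sample record are constructed for illustration.

```python
import re

# Record header: [timestamp] [component] [LEVEL] [message-id] ... [URI: path]
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2}T[^\]]+)\] \[[^\]]*\] \[(?P<level>[A-Z]+)\] "
    r"\[(?P<msgid>[^\]]*)\].*?\[URI: (?P<uri>[^\]]*)\]"
)
# Java reports a URL string that lacks a scheme as "no protocol: <string>".
NO_PROTOCOL = re.compile(r"java\.net\.MalformedURLException: no protocol: (?P<value>.*)$")
TARGET_URI = "/oam/server/dap/cred_submit"

def find_no_protocol_errors(lines):
    """Return one dict per OAM-00002 error at TARGET_URI caused by a scheme-less URL."""
    hits, current = [], None
    for line in lines:
        line = line.rstrip("\r\n")
        header = HEADER.match(line)
        if header:
            # A new record starts; track it only if it is the error described in this note.
            wanted = (header["level"] == "ERROR" and header["msgid"] == "OAM-00002"
                      and header["uri"] == TARGET_URI)
            current = header.groupdict() if wanted else None
            continue
        cause = NO_PROTOCOL.search(line)
        if current and cause:
            hits.append({"timestamp": current["ts"], "uri": current["uri"],
                         "value": cause["value"].strip()})
            current = None  # report each record once
    return hits

# Constructed sample records in the layout of the log excerpt above (all values invented).
SAMPLE_LOG = """\
[2011-12-29T22:10:52.981+00:00] [] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <>] [ecid: ] [APP: ] [URI: /oam/server/dap/cred_submit] Error occurred while handling the request.[[
oracle.security.am.common.utilities.exception.AmRuntimeException: java.net.MalformedURLException: no protocol: constructed-relay-state
    at constructed.Frame.call(Frame.java:1)
]]
[2011-12-29T22:11:03.120+00:00] [] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: 12] [userId: <>] [ecid: ] [APP: ] [URI: /constructed/other] Error occurred while handling the request.[[
java.net.MalformedURLException: no protocol: ignored-different-uri
]]
[2011-12-29T22:11:09.004+00:00] [] [NOTIFICATION] [] [oracle.oam.binding] [tid: 12] [userId: <>] [ecid: ] [APP: ] [URI: /oam/server/dap/cred_submit] Constructed informational record.
[2011-12-29T22:12:40.500+00:00] [] [ERROR] [OAM-00002] [oracle.oam.binding] [tid: 14] [userId: <>] [ecid: ] [APP: ] [URI: /oam/server/dap/cred_submit] Error occurred while handling the request.[[
java.lang.IllegalStateException: constructed unrelated cause
]]
"""

if __name__ == "__main__":
    for hit in find_no_protocol_errors(SAMPLE_LOG.splitlines()):
        print(f"{hit['timestamp']} {hit['uri']} rejected value: {hit['value']!r}")
```
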
The HTTP header trace from the client browser shows that, after successful IdP authentication, the OIF SP processes the SAMLResponse successfully and redirects to the OAM resource /oam/server/dap/cred_submit, at which point the error occurs.
Example HTTP Header trace showing last few requests before the error occurs:
Host: <HOSTNAME>:<PORT>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 7879
RelayState=<RELAY_STATE_VALUE>&SAMLResponse=<VALUE>....<SAMLResponse value>.......<VALUE>==
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Connection: close
Date: Tue, 27 Dec 2011 22:57:25 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Location: http://<HOSTNAME>/oam/server/dap/cred_submit?osso_sassoToken=v1.0~....<token>......==
Expires: Sat, 1 Jan 2005 12:00:01 GMT
Set-Cookie: ORA_OSFS_SESSION=id--; path=/
Set-Cookie: JSESSIONID=; path=/; HttpOnly
X-ORACLE-DMS-ECID:
X-Powered-By: Servlet/2.5 JSP/2.1
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0~....<token>.....== HTTP/1.1
Host: oam.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Cookie: OAMAuthnCookie_<HOSTNAME>:<PORT>=OAM_REQ=VERSION_; JSESSIONID=
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2011 22:57:25 GMT
Server: Oracle-Application-Server-11g
Cache-Control: no-cache, no-cache, no-store
Pragma: no-cache, no-cache
Content-Length: 928
Expires: 0
Set-Cookie: OAM_JSESSIONID=; path=/; HttpOnly
X-ORACLE-DMS-ECID:
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Content-Encoding: gzip
If the OIF Test SP SSO page (/fed/user/testspsso) is used to test SAML 2.0 SSO, the Test SP SSO application result page shows 'Authentication Successful' but the page shows:
It does not show the OIF Service Provider Unsolicited SSO Relay State URL as expected.
Changes
Cause