OIF as SP Generates Error 401--Unauthorized (Doc ID 1430615.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version: 11.1.1.1 and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms


An application has been integrated with Oracle Identity Federation (OIF) 11g as Service Provider (SP). OIF is configured with a third party product as Identity Provider (IdP) e.g. PingFederate.

When the protected SP application resource is accessed 'Error 401--Unauthorized' occurs. 

For example:

Error 401--Unauthorized

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.


The user may or may not have successfully performed IdP domain login before the problem occurs.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms