OIF Integrated With OAM Passes Literal 'uid' As UID Attribute Value In Assertion (Doc ID 1447349.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version: 11.1.1.1 and later [Release: 11g and later]
Information in this document applies to any platform.

Symptoms


Oracle Identity Federation (OIF) 11g as Identity Provider (IdP) is configured with Oracle Access Manager 10g as Authentication Engine. OIF has been configured to send attributes (UID) to the specific Service Provider for authentication requests using Transient NameID Format.

Service Provider (SP)-initiated Single Sign-On (SSO) is successful using Transient NameID Format. The SAML Response status from OIF as IdP is "Authentication Successful".

However, although SSO is successful, OIF as IdP does not send the correct UID attribute value to the SP in the assertion. The value of the UID attribute in the OIF session is set to the literal string "uid" rather than the expected uid attribute value of the OAM-authenticated user in the IdP domain.

For example: SAMLUID=uid

If OIF is configured to use the default LDAP Authentication Engine, the uid attribute in the Assertion is set correctly to the authenticated user ID.
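An SP-side check for this symptom, as an added example that is not Oracle's code or part of the original note: it parses a SAML 2.0 assertion and flags attribute values that are empty or are just an attribute name, such as the literal "uid". The assertion XML, issuer URL, user "jdoe" and the function name `unresolved_attributes` are constructed for illustration; the check assumes the assertion's signature has already been validated.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real OIF deployment).
BROKEN_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2017-03-08T00:00:00Z">
  <saml:Issuer>https://idp.example.com/fed/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="UID">
      <saml:AttributeValue>uid</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same assertion with the attribute resolved to a constructed user ID.
GOOD_ASSERTION = BROKEN_ASSERTION.replace(">uid<", ">jdoe<")


def unresolved_attributes(assertion_xml, source_names=("uid",)):
    """Return (Name, value) pairs whose value looks like an unresolved mapping.

    A value is flagged when it is empty, equals the attribute's own Name, or
    equals one of the directory attribute names in source_names
    (all comparisons are case-insensitive).
    """
    root = ET.fromstring(assertion_xml)
    placeholders = {n.lower() for n in source_names}
    flagged = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        for val in attr.iterfind("saml:AttributeValue", SAML_NS):
            text = (val.text or "").strip()
            lowered = text.lower()
            if not text or lowered == name.lower() or lowered in placeholders:
                flagged.append((name, text))
    return flagged


if __name__ == "__main__":
    print("broken:", unresolved_attributes(BROKEN_ASSERTION))
    print("good:  ", unresolved_attributes(GOOD_ASSERTION))
```

With a transient NameID the subject identifier changes per session, so an SP that keys the local account on this attribute should reject an assertion that this check flags instead of creating or selecting an account named "uid".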


Cause
