Error 401 Unauthorized with OIF IdP-initiated SSO using Persistent NameID Format - Error in OIF log "SSO with SP cannot be completed: user federation does not exist"

(Doc ID 1466039.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version and later
Information in this document applies to any platform.


The requirement is to implement Identity Provider (IdP) initiated Single Sign On (SSO) using Oracle Identity Federation (OIF) as the IdP with a third-party Service Provider (SP) application, using the Persistent NameID format.

IdP-initiated SSO is failing with error 401 Unauthorized displayed in the browser, after IdP credentials are submitted.

The request is failing at the OIF IdP /fed/user?refid=..... request, with the following underlying error in the OIF 10g log:

IdP-initiated SSO using EmailAddress NameID format is successful. The problem is specific to Persistent Name ID Format.


