OAM / WebGate Returns oberr.cgi With Message "Need request parameters for resource %1 isProtected" For Protected Resource Requested With POST Method Where No Post Data Is Sent (Doc ID 1472200.1)

Last updated on MAY 10, 2023

Applies to:

Symptoms

An application has been protected with Oracle Access Manager (OAM) 10g 10.1.4.3.

Generally OAM-protected access to the application is working.

However for a specific application URL which is requested using HTTP POST method, WebGate is returning an error "Need request parameters for resource %1 isProtected". This occurs specifically when the protected application page is requested and does not pass any parameters as Post Data. This particular application page may or may not send post data when submitted, it may only send the URL query parameters in some cases.

The OAM Policy Domain has been configured with one or more Policies for this protected resource having Query String Variable values set.

OAM 10g Bundle Patch (BP) 12 has been installed for WebGate, Access Server and Identity Server but the issue still reproduces.


Steps to reproduce

1. Access the OAM-protected site at https://<RESOURCE_HOSTNAME>/<RESOURCE_URL>
2. Click the Login link in the page: the OAM form-based login page is displayed.
3. Submit valid OAM credentials: the application page is displayed at https://<RESOURCE_HOSTNAME>/<RESOURCE_URL>
4. Navigate in the application page and perform an application action that causes an HTTP request to be sent with POST method, without any Post Data:
5. The user is redirected to the following WebGate error resource:

https://<RESOURCE_HOSTNAME>/<RESOURCE_URL>/oberr.cgi?status=500 errmsg=Need request parameters for resource %1 isProtected() call.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.