OAM Headers Not Getting Passed When User Is Already Authenticated In Another Authentication Scheme (Doc ID 1492875.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 to 11.1.1.6.0
Information in this document applies to any platform.

Goal

 1. We have Protected Application_A URL with AuthN_Policy_A and AuthZ_Policy_A. AuthN_Policy_A uses AuthN_Scheme_A (Level3) which is configured to LDAP_1 (Sun One)
2. We have protected Application_B (EBS R12) URL (AccessGate is used) with AuthN_Policy_B and AuthZ_Policy_B. AuthN_Policy_B uses AuthN_Scheme_B (Level2) which is configured to LDAP_2 (OID). In AuthZ_Policy_B we have set header say USER_ORCLGUID value $user.attr.orclguid (orclguid is attribute present in LDAP_2 and NOT IN LDAP_1)

When user access Application_A URL , OAM session gets created. As this authentication is at higher level, user should be able to get access to Application_B without having to provide credentials again. And the configuration is trying to do that. But however when accessed Application_B URL in this way ,USER_ORCLGUID attribute is not getting passed to Application_B. Will OAM NOT execute Authz_Policy_B and get attribute from LDAP_2 when user is already authenticated for Application_A ?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms