OIF 11gR1 (SP Mode) Integration With OAM 11gR2 Fails With System Error

(Doc ID 1535987.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Identity Federation - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

Oracle Access Manager 11g Release 2 (OAM11gR2 11.1.2.x) has been integrated with Oracle Identity Federation (OIF) 11.1.1.6.0 as Service Provider (SP) using the OIF "Oracle Access Manager 11g" SP Integration Modules tab as described in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite 11g Release 2 (11.1.2.2.0), section 4.2 Integration with Access Manager 11gR2.

After integration, IdP or SP-initiated SSO fails with an OAM error.

Steps to reproduce:

  1. The end user accesses a resource protected by the OIFscheme.
  2. The user is redirected to OIF11g to authenticate (the OIF11g authentication engine is LDAP).
  3. After authentication, OIF creates the DAP token and redirects to OAM11gR2.
  4. OAM11gR2 receives the DAP token sent by OIF11g but is not able to assert the username from the DAP token. A "system error" message is displayed. The OAM11gR2 logs display the following exception:




 

Solution
