OAM 11gR2 Does Not Correctly Handle ":" In Query String
(Doc ID 1554238.1)
Last updated on MAY 24, 2022
Applies to:
Oracle Access Manager - Version 11.1.2.0.0 and laterInformation in this document applies to any platform.
Symptoms
Oracle Access Manager (OAM) 11gR2 (11.1.2.0.0) is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).
Two incorrect behaviours are observed :
1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.
When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"
2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs
After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |