My Oracle Support Banner

OAM 11gR2 Does Not Correctly Handle ":" In Query String (Doc ID 1554238.1)

Last updated on MAY 24, 2022

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


Oracle Access Manager (OAM) 11gR2 ( is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).

Two incorrect behaviours are observed  :

1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.

When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"

2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs

After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.