OAM 11gR2 Does Not Correctly Handle ":" In Query String
(Doc ID 1554238.1)
Last updated on SEPTEMBER 21, 2016
Applies to:Oracle Access Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
Oracle Access Manager (OAM) 11gR2 (220.127.116.11.0) is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).
Two incorrect behaviours are observed :
1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.
When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"
2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs
After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document