OAM 11gR2 Does Not Correctly Handle ":" In Query String

(Doc ID 1554238.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


Oracle Access Manager (OAM) 11gR2 ( is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).

Two incorrect behaviours are observed  :

1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.

When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"

2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs

After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms