OAM 11gR2 Does Not Correctly Handle ":" In Query String
Last updated on SEPTEMBER 21, 2016
Applies to:Oracle Access Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Oracle Access Manager (OAM) 11gR2 (18.104.22.168.0) is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).
Two incorrect behaviours are observed :
1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.
When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"
2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs
After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms