OAM 11gR2 Does Not Correctly Handle ":" In Query String (Doc ID 1554238.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager (OAM) 11gR2 (11.1.2.0.0) is installed to protect Oracle APplication EXpress (APEX) URLs
These APEX URLs contain ":" character in query string (for example p=APP:1).

Two incorrect behaviours are observed  :

1 - the OAM console (oamconsole) incorrectly interprets ":" in query string.

When a resource with a query string like "P=APP:1" is created, after clicking on the "Apply" button, the resource is listed with the query string "P=APP=1"

2 - The OAM Policy engine incorrectly evaluate ":" in protected URLs

After the first issue was solved, if a resource with a query string like "P=APP:1" is protected by a specific policy, all the URLs with any query string like "P=APP:" are protected by the defined policy.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms