My Oracle Support Banner

Bad Oracle Access Manager Request Error When Accessing a Resource Protected by a DCC WebGate (Doc ID 1582577.1)

Last updated on JUNE 23, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.1.0 and later
Information in this document applies to any platform.

Symptoms

Accessing a resource protected by a DCC Webgate fails with the error:

 

Bad Oracle Access Manager Request
Unable to process the request due to unexpected error.

 

A httpheader trace shows the DCC Webgate redirects to "/obrar.cgi"  instead to the initial requested resource, after credentials are  submitted to "/oam/server/auth_cred_submit " .

 

 

GET /test.html HTTP/1.1
Host: myserver.com
.
HTTP/1.1 302 Found
Set-Cookie: DCCCtxCookie_myserver.com:443=encdata%3DEqRo%2FUP6Y7VGJzT34N8n%2FEu%2B9Mp10Sp5G2mu%2F173PYgqj8jhLHVWnQ8Ge3AoOW%2FpH1F6rVWcJu9raF%2F2NOPaDjyHZqNlRqVZeX%2BzunLRCNVt4vhvEINTeQuDfUwips9XleVT%2BRxKizqG%2FA%2BPdKRywgCe74rcbn8ZCkmm6mpZdR1HRdPkFu6qXvdiyK6K8WLd3DuR2nx83TOuLcnZzztTF2P5mllXrkMgCskxIf%2BLOdhjbJ1HIJDcUolPIlKRBzSFyuyaOiXp38HBd4oQFZJ5FfxFcZOWRfcfxFMlWTgo9%2BA%3D; httponly; secure; path=/oam/server/auth_cred_submit
Location: /loginpage?resource_url=https%3A%2F%2Fmyserver.com%2Ftest.html
Content-Length: 279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
https://myserver.com/loginpage?resource_url=https%3A%2F%2Fmyserver.com%2Ftest.html

GET /loginpage?resource_url=https%3A%2F%2Fmyserver.com%2Ftest.html HTTP/1.1
Host: myserver.com
.
HTTP/1.1 200 OK
----------------------------------------------------------
https://myserver.com/oam/server/auth_cred_submit

POST /oam/server/auth_cred_submit HTTP/1.1
Host: myserver.com
Cookie: DCCCtxCookie_myserver.com:443=encdata%3DEqRo%2FUP6Y7VGJzT34N8n%2FEu%2B9Mp10Sp5G2mu%2F173PYgqj8jhLHVWnQ8Ge3AoOW%2FpH1F6rVWcJu9raF%2F2NOPaDjyHZqNlRqVZeX%2BzunLRCNVt4vhvEINTeQuDfUwips9XleVT%2BRxKizqG%2FA%2BPdKRywgCe74rcbn8ZCkmm6mpZdR1HRdPkFu6qXvdiyK6K8WLd3DuR2nx83TOuLcnZzztTF2P5mllXrkMgCskxIf%2BLOdhjbJ1HIJDcUolPIlKRBzSFyuyaOiXp38HBd4oQFZJ5FfxFcZOWRfcfxFMlWTgo9%2BA%3D
.
HTTP/1.1 302 Found
Set-Cookie: OAMAuthnCookie_myserver.com:443=lWV5Y%2Ff%2BxvLbY%2BB5ugHTv5syBiNxy85Fhx8kxC11cUjzkqwfzB0E8cgzC%2FEW%2FA%2FsUZdWC4ErF1CYECPFOAJImWS%2FzZyVssnJZkeywF3fNi6IQYGXjeG56kV7ZSH2QRYmr%2B%2FPfYmA9kbPzF5TD2JvpApluUAeFGcsDE%2F%2FAvg0syxwXd7PVndlxHP3n%2BLVHLuzYBV2mJWfw4Z87GjmfFtjkT4YjbNDeNKor5hTsGqX%2FCeyJ2PJf%2FCr%2BcMZA8Rh4%2B85eEmkFrpkB0KHc2ZgGwcjnUpChwJ1syDoe0RVNhE6Ueu55EaFOliCWrjzb9gxjo0mOR71Em7Og5Qfnz9Rpg1OkrzxM07%2B0KRIvzXg6JKRQ5A%3D; httponly; secure; path=/
Set-Cookie: DCCCtxCookie_myserver.com:443=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; secure; path=/
Location: https://myserver.com/obrar.cgi?cookie%3D%20redirectto%3D%252Ftest.html
.
GET /obrar.cgi?cookie%3D%20redirectto%3D%252Ftest.html HTTP/1.1
Host: myserver.com

  


The DCC Webgate oblog.log shows the following error message:



ACCESS_GATE ERROR 0x00001531 /ade/aime_ngamac_497961/ngamac/src/palantir/webgate2/src/redirect.cpp:379 "The obrareq.cgi, obrar.cgi, DCCCtxCookie, logout redirect message, or any other encrypted string has failed integrity check." HTTPStatus^400 requestedURL^/obrar.cgi

WEB ERROR 0x0000151F /ade/aime_ngamac_497961/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:226 "WebGate Error Report" Message^Unable to process the request due to unexpected error. ReqReq^GET /obrar.cgi?cookie%253D%2520redirectto%253D%25252Ftest.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^myserver.com ReqStatLine^ ReqStatus^200 ReqRawUri^/obrar.cgi?cookie%253D%2520redirectto%253D%25252Ftest.html ReqUri^/obrar.cgi ReqFilename^proxy:http://myserver.com:8100/obrar.cgi ReqPath^ ReqArgs^cookie= redirectto=%252Ftest.html

  

 

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
 Change the "Challenge Redirect URL" in the the authentication policy
 from
 https://myserver.com:443/
 to
 https://myserver.com/


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.