OIF Does Not Include Attributes In Assertions - Error in OIF Log FED-15002 "Cannot find User for UserID XXXX in User Data Store" (Doc ID 1595651.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

The customer has configured Oracle Identity Federation (OIF) 11.1.1.2 as Identity Provider (IdP) using SAML 2.0 and has configured OIF to pass attributes in assertions.

However OIF is not passing the attributes in the assertions and this causes an error on the Service Provider side after IdP login.

Transient NameID format is used, or another NameID format with "Get Value From User Session" checked is being used.

OIF may be configured to use Oracle Virtual Directory (OVD) for User Data Store.

OIF is configured to pass two user attributes in assertions for the specific Service Provider, in the Service Provider (SP) Federation configuration..

User search directly in OVD/the LDAP User Data Store returns entries with values set for these two attributes.

When IdP-initiated SSO is attempted for the SP, OIF login appears to be successful and an assertion is sent but the SP generates an error because the expected attributes are missing from the assertion.

Steps to reproduce
================
1. Access https://oifidp.domain.com/fed/idp/initiatesso?providerid=<provider ID>
2. The OIF IdP login page is displayed.
3. Submit valid credentials.
4. A Service Provider error page is displayed.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms