OIF Does Not Include Attributes In Assertions - Error in OIF Log FED-15002 "Cannot find User for UserID XXXX in User Data Store"
(Doc ID 1595651.1)
Last updated on MARCH 08, 2017
Applies to: Oracle Identity Federation - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
The customer has configured Oracle Identity Federation (OIF) 22.214.171.124 as Identity Provider (IdP) using SAML 2.0 and has configured OIF to pass attributes in assertions.
However, OIF is not passing the attributes in the assertions, and this causes an error on the Service Provider side after the IdP login.
Transient NameID format is used, or another NameID format with "Get Value From User Session" checked is being used.
OIF may be configured to use Oracle Virtual Directory (OVD) for User Data Store.
OIF is configured to pass two user attributes in assertions for the specific Service Provider, in the Service Provider (SP) Federation configuration.
A user search performed directly against OVD (or the LDAP User Data Store) returns entries with values set for these two attributes.
When IdP-initiated SSO is attempted for the SP, OIF login appears to be successful and an assertion is sent but the SP generates an error because the expected attributes are missing from the assertion.
Steps to reproduce
1. Access https://oifidp.domain.com/fed/idp/initiatesso?providerid=<provider ID>
2. The OIF IdP login page is displayed.
3. Submit valid credentials.
4. A Service Provider error page is displayed.
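To confirm on the SP side what actually arrived, the following added example (not part of the Oracle note) parses a captured SAML 2.0 assertion or response and reports the NameID format and which of the expected attributes are absent. The attribute names `mail` and `cn`, the issuer URL and both sample messages are constructed placeholders.

```python
# Added example: check a captured SAML 2.0 assertion for the attributes the
# SP expects. Not Oracle code; attribute names and samples are constructed.
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"


def check_assertion(xml_text: str, expected: list[str]) -> dict:
    """Return the NameID format, the attributes found and the expected ones missing."""
    root = ET.fromstring(xml_text)
    # The Assertion may be the document root or nested inside a samlp:Response.
    assertion = root if root.tag == f"{{{SAML_NS['saml']}}}Assertion" \
        else root.find(".//saml:Assertion", SAML_NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    name_id = assertion.find("./saml:Subject/saml:NameID", SAML_NS)
    fmt = name_id.get("Format") if name_id is not None else None
    found = {}
    for attr in assertion.findall("./saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name")] = values
    missing = [name for name in expected if name not in found]
    return {"nameid_format": fmt, "transient": fmt == TRANSIENT,
            "attributes": found, "missing": missing}


# Constructed sample: the failing case, transient NameID and no AttributeStatement.
SAMPLE_MISSING = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2017-03-08T00:00:00Z">
  <saml:Issuer>https://oifidp.domain.com/fed/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed sample: the expected shape once the two attributes are included.
SAMPLE_OK = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2017-03-08T00:00:00Z">
  <saml:Assertion ID="_c2" Version="2.0" IssueInstant="2017-03-08T00:00:00Z">
    <saml:Issuer>https://oifidp.domain.com/fed/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_d4e5f6</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="cn"><saml:AttributeValue>John Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for label, sample in (("failing", SAMPLE_MISSING), ("expected", SAMPLE_OK)):
        print(label, check_assertion(sample, ["mail", "cn"]))
```

If the report shows a transient NameID and an empty attribute list while the directory search returns values, the gap is on the IdP side, which is the situation the note describes.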
This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.