FedUserAuthenticationPlugin Doesn't Support Cancel Option (Doc ID 1942978.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Products:
=======
 OAM 11.1.2.2
 FedUserAuthenticationPlugin configured


Problem:
=======
When a user clicks the cancel option on the login screen, they get a 302 forward back to OAM.

In detail, the out-of-the-box FedAuthnRequestPlugin is used for SAML request generation, together with FedUserAuthenticationPlugin for user assertion,
as described in the documentation: http://docs.oracle.com/cd/E40329_01/admin.1112/e27239/oif_policies.htm#CHDDHFFD
This is for SAML federation with the external IdP https://www.xxx.yy, where OAM is in the role of SP.

The success scenarios work OK. Users are able to log in.

However, the scenario where the user clicks the cancel option on the login screen and gets a 302 forward back to OAM doesn't work as expected.
Users get back to the login screen, however with some residues of the previous attempt. Thus they are blocked from using another identity provider.

I expect the user to be forwarded to the login screen, which happens now, but also to be able to log in. The user is not able to, because the incoming HTTP request is full of OAM errors in the HTTPS request params as well as residues of the previous login attempt, such as the session ID.

Cause
