Agent Stop Responding after Making Access Control / Privilege Change
(Doc ID 1944357.1)
Last updated on SEPTEMBER 21, 2016
Applies to:Oracle OpenSSO - Version 8.0.2 and later
Information in this document applies to any platform.
Sun legacy opensso 8 U2P3
After running a security scan on their Sun legacy opensso 8 U2P3 machine it was uncovered that the opensso console privilege "Read and write access to all configure Agent" under opensso console location "Access Control/Top Level Realm/Privilege" was enabled for a group and deemed to be a security vulnerability. After removing this privilege however, end user(s) assigned to the group had their attempted sessions fail with "Access denied as agent profile not found in access manager" displayed on their browser. The associated error logged in the opensso server debugs was of type
amIdentityServices:11/01/2014 01:28:17:448 PM EDT: Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]
Message:Permission to perform the read operation denied to id=dzqmwb01_crownweb,ou=user,dc=osso_config
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document