Identity Assertion Created By Webgate Is Not Correct. Oauth Authentication Fails, Because The Issuer (Doc ID 2005524.1)

Last updated on APRIL 06, 2016

Applies to:

Oracle Mobile and Social - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

dentity Assertion created by webgate is not correct. Oauth authentication fails

Problem Description
---------------------------------------------------
We enabled functionality in application policy, that webgate is sending the identity assertion to the backend application. This assertion is used to get a Oauth access token from oauth authorization server. Problem is that the issuer of the assertion and issuer of the certificate are different. Normally oauth authorization server verifies the issuer of assertion against certificate. I tested this against OAG and OAM, and both had same issue.

snippet from assertion:
OAM User Assertion Issuer
....
CN=OAM User Assertion Issuer CA Root
.....

issuer of the assertion -> "OAM User Assertion Issuer"
issuer of the certificate -> "CN=OAM User Assertion Issuer CA Root"

Can we change the issuer of the assertion in OAM, that it matches with certificate or how this should solve?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms