Identity Assertion Created By Webgate Is Not Correct. Oauth Authentication Fails, Because The Issuer

(Doc ID 2005524.1)

Last updated on APRIL 06, 2016

Applies to:

Oracle Mobile and Social - Version and later
Information in this document applies to any platform.


dentity Assertion created by webgate is not correct. Oauth authentication fails

Problem Description
We enabled functionality in application policy, that webgate is sending the identity assertion to the backend application. This assertion is used to get a Oauth access token from oauth authorization server. Problem is that the issuer of the assertion and issuer of the certificate are different. Normally oauth authorization server verifies the issuer of assertion against certificate. I tested this against OAG and OAM, and both had same issue.

snippet from assertion:
OAM User Assertion Issuer
CN=OAM User Assertion Issuer CA Root

issuer of the assertion -> "OAM User Assertion Issuer"
issuer of the certificate -> "CN=OAM User Assertion Issuer CA Root"

Can we change the issuer of the assertion in OAM, that it matches with certificate or how this should solve?


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms