My Oracle Support Banner

Direct Authentication Through DCC Tunnel Produces Wrong Cookie (Doc ID 2059743.1)

Last updated on OCTOBER 30, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

After configuring Detached Credential Collector (DCC) tunneling on OAM 11.1.2.3.0 and enabling unsolicited authentication, attempts to perform unsolicited authentication (where user credentials are included in the HTTP request URL) through the DCC tunnel result in the user being prompted for authentication.  The expected result is that the user would be authenticated without a prompt for credentials.  Upon review of an HTTP header trace of the attempted authentication we see that two OAMAuthnCookies are set in the response after the initial request, rather than an OAM_ID cookie, EG:

 
GET http://<HOSTNAME>.<DOMAIN>:<PORT>/oam/server/authentication?username=user&password=userpassword&successurl=http://oam.oracle.com:18080/unsolicited/index.htm

HTTP/?.? 302 Found
Date: Thu, 24 Sep 2015 15:47:43 GMT
Server: Oracle-HTTP-Server-11g
Set-Cookie: OAMAuthnHintCookie=0@1443109663; httponly; path=/; domain=<DOMAIN>
OAMAuthnCookie_<HOSTNAME>.<DOMAIN>:<PORT>=mOREr0<trimmed>==; httponly; path=/
OAMAuthnCookie_<HOSTNAME>.<DOMAIN>:<PORT>=Lsrnl7<trimmed>Y3tU=; path=/; HttpOnly
Location: http://oam.oracle.com:18080/unsolicited/index.htm
 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.