Last updated on MARCH 31, 2017
Applies to:Oracle Access Manager - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
After configuring Detached Credential Collector (DCC) tunneling on OAM 184.108.40.206.0 and enabling unsolicited authentication, attempts to perform unsolicited authentication (where user credentials are included in the HTTP request URL) through the DCC tunnel result in the user being prompted for authentication. The expected result is that the user would be authenticated without a prompt for credentials. Upon review of an HTTP header trace of the attempted authentication we see that two OAMAuthnCookies are set in the response after the initial request, rather than an OAM_ID cookie, EG:
HTTP/?.? 302 Found Date: Thu, 24 Sep 2015 15:47:43 GMT Server: Oracle-HTTP-Server-11g Set-Cookie: OAMAuthnHintCookie=0@1443109663; httponly; path=/; domain=.oracle.com OAMAuthnCookie_oam.oracle.com:7777=mOREr0<trimmed>%3D%3D; httponly; path=/ OAMAuthnCookie_oam.oracle.com:7777=Lsrnl7<trimmed>Y3tU=; path=/; HttpOnly Location: http://oam.oracle.com:18080/unsolicited/index.htm
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms