OAM 11gR2 PS2/PS3: When Post Auth Rule Is Set But Evaluating to Result as False, WNA Authentication Fails With KrbException: Request Is A Replay (34) (Doc ID 2074617.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

On: 11.1.2.2.0 version, Authentication Engine (it's also applicable to OAM version 11.1.2.3.0)

ACTUAL BEHAVIOR
----------------------
When a Post Auth Rule is set but its evaluation result is false, WNA authentication fails.
This breaks Kerberos authentication for users: OAM reports "KrbException: Request is a replay (34)".

However, the same use case works with, for example, LDAPScheme.



EXPECTED BEHAVIOR
------------------------
Expected result: The resource should be accessible for the WNA use case after Kerberos authentication with no error, even though the Post AuthN rule condition evaluates to false.



STEPS
-----------------------
The issue can be reproduced at will with the following steps:

Testcase instructions (or location of instructions):
 1. Set up Post authentication Scheme with Kerberos Scheme.
 2. Set condition to evaluate to false.
 3. Access the resource.


Cause
