Custom Authentication Plugin Created for Collecting Additional Credentials Fails With Error

(Doc ID 2091705.1)

Last updated on SEPTEMBER 01, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Symptoms

A custom authentication plugin was created in OAM Version: 11.1.2.3.0. This custom plugin is an implementation of the "One Time Pin" functionality after user/password collection.

User Experience -
1. User accesses the protected URL.
2. User is prompted with the SSO Login screen.
3. User provides the credentials and submits the page.
4. The One Time Pin screen appears.
5. User provides the one time pin and submits the page.
6. User sees:
   Error
   System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

Error in the log -
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : null, idstore: <Id Store name>, with exception: {2}.
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1722)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1519)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:985)

The Custom Plugin was an implementation of the example provided on http://www.ateam-oracle.com/oam-11g-custom-authentication-plugins-collecting-additional-credentials/

The code from the example was integrated with the code from "OAM_R2_Plugin_Sample" sample plugin provided by OTN - http://www.oracle.com/technetwork/indexes/samplecode/id-mgmt-1884959.html

 

The Step Orchestration is:
Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"

 

These entries were present in the OAM diagnostic logs:

[2015-11-23T12:23:06.884+01:00] [WLS_OAM1] [TRACE] [] [oracle.oam.engine.authn] [host: host1] [nwaddr: <IP_address>] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0059JDlgr_U2bMOpyg^AyW0001PX0001^M,0:1:1:2] [SRC_CLASS: oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor] [APP: oam_server#11.1.2.0.0] [SRC_METHOD: execute] [TARGET: /Farm_IAMAccessDomain/IAMAccessDomain/WLS_OAM1/oam_server(11.1.2.0.0)] [TARGET_TYPE: oracle_oam] Final IORequest after processing authn flow [{authenticatedUserName: {user1}}{idStoreReference: {IDStore}}{clientIPAddress: {<IP_client_address>}}{authLevel: {2}}{isAnonymousAuthentication: {false}}{policyId: {<Custom_Auth_Scheme>}}{scheme: {Scheme name: = <Custom_Auth_Scheme> Scheme Challenge URL: = http://host1:7777/oam/server/ Scheme Challenge Mec: = FORM Scheme Challenge Par: = {contextType=default, username=string, contextValue=/oam, password=sercure_string, challenge_url=/pages/login.jsp} Authentication Module Name: = <Custom_Auth_Plugin> Dynamic Authentication Scheme : = false }}{subject: {null}}{responseSetVO: {null}}{executionStatus: {null}}{executionAction: {null}}{authClass: {UNSPECIFIED}}{authException: {null}}]

[2015-11-23T12:23:06.884+01:00] [WLS_OAM1] [TRACE] [] [oracle.oam.user.identity.provider] [host: host1] [nwaddr: <IP_address>] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0059JDlgr_U2bMOpyg^AyW0001PX0001^M,0:1:1:2] [SRC_CLASS: oracle.security.am.engines.common.identity.util.OAMIdentity] [APP: oam_server#11.1.2.0.0] [SRC_METHOD: <init>] [TARGET: /Farm_IAMAccessDomain/IAMAccessDomain/WLS_OAM1/oam_server(11.1.2.0.0)] [TARGET_TYPE: oracle_oam] In OAMIdentity, userinfo passed to OAMIdentity constructor is null, and hence cant cache the attributes for idstoreIDStore and subject: null
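
A triage helper for the two trace entries above, added here as an example and not Oracle code: it groups diagnostic log entries by ECID and reports requests whose "Final IORequest" carries an authenticated user name while both the subject and the OAMIdentity user info are null. The sample log is constructed by abridging the entries shown on this page, and the function names are assumptions.

```python
import re

# Constructed sample: the two TRACE entries from the page, abridged to the
# fields this script reads. A real entry carries more bracketed fields.
SAMPLE_LOG = """\
[2015-11-23T12:23:06.884+01:00] [WLS_OAM1] [TRACE] [] [oracle.oam.engine.authn] [ecid: 0059JDlgr_U2bMOpyg^AyW0001PX0001^M,0:1:1:2] [SRC_METHOD: execute] Final IORequest after processing authn flow [{authenticatedUserName: {user1}}{idStoreReference: {IDStore}}{authLevel: {2}}{subject: {null}}{authException: {null}}]
[2015-11-23T12:23:06.884+01:00] [WLS_OAM1] [TRACE] [] [oracle.oam.user.identity.provider] [ecid: 0059JDlgr_U2bMOpyg^AyW0001PX0001^M,0:1:1:2] [SRC_METHOD: <init>] In OAMIdentity, userinfo passed to OAMIdentity constructor is null, and hence cant cache the attributes for idstoreIDStore and subject: null
"""

ECID_RE = re.compile(r"\[ecid: ([^\]]+)\]")
# Flat {key: {value}} pairs only; nested values such as {scheme: {...}} are skipped.
FIELD_RE = re.compile(r"\{(\w+): \{([^{}]*)\}\}")
IOREQUEST = "Final IORequest after processing authn flow"
NULL_USERINFO = "userinfo passed to OAMIdentity constructor is null"


def parse_iorequest(line):
    """Return the flat fields of a 'Final IORequest' entry, or None."""
    if IOREQUEST not in line:
        return None
    body = line.split(IOREQUEST, 1)[1]
    return {k: None if v == "null" else v for k, v in FIELD_RE.findall(body)}


def triage(log_text):
    """Group entries by ECID; keep requests with a user name but null subject and user info."""
    seen = {}
    for line in log_text.splitlines():
        m = ECID_RE.search(line)
        if not m:
            continue
        entry = seen.setdefault(m.group(1), {"user": None, "idstore": None,
                                             "subject_null": False, "userinfo_null": False})
        req = parse_iorequest(line)
        if req is not None:
            entry["user"] = req.get("authenticatedUserName")
            entry["idstore"] = req.get("idStoreReference")
            entry["subject_null"] = "subject" in req and req["subject"] is None
        elif NULL_USERINFO in line:
            entry["userinfo_null"] = True
    return {ecid: e for ecid, e in seen.items()
            if e["user"] and e["subject_null"] and e["userinfo_null"]}


if __name__ == "__main__":
    for ecid, e in triage(SAMPLE_LOG).items():
        print(f"ecid={ecid} user={e['user']} idstore={e['idstore']}: subject and userinfo are null")
```
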

 

Changes

With the "custom" plugin first in the Step Orchestration it worked OK:


Step1.) "custom" ------ on success -> go to "UserIdentification" step
Step2.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step3.) "UserAuthentication" ------ on success -> "success"

 

Modifying the Step Orchestration so that the "custom" plugin is last failed with the described errors:

Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"

Cause
