Oracle Access Manager (OAM) Custom Authentication Plugin Created for Collecting Additional Credentials Fails With Error "OAMSSA-20027: Could not get user "
(Doc ID 2091705.1)
Last updated on SEPTEMBER 13, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.0.0 and laterInformation in this document applies to any platform.
Symptoms
A custom authentication plugin was created in OAM Version: 11.1.2.3.0. This custom plugin is an implementation of the "One Time Pin" functionality after user/password collection.
User Experience
1. User accesses the protected URL.
2. User is prompted with the SSO Login screen.
3. User provides the credentials and submits the page.
4. The One time pin screen turns up.
5. User provides the one time pin and submits the page.
6. User sees Error
System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
Error in the log
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : null, idstore: <Id Store name>, with exception: {2}.
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1722)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1519)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:985)
The Custom Plugin was an implementation of the example provided on OAM 11g Custom Authentication Plugins: Collecting additional credentials
The code from the example was integrated with the code from "OAM_R2_Plugin_Sample "
The Step Orchestration is:
Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"
In OAM diagnostic logs these entry were present:
Changes
With the "custom" plugin first in the Step Orchestration it worked OK:
Step1.) "custom" ------ on success -> go to "UserIdentification" step
Step2.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step3.) "UserAuthentication" ------ on success -> "success"
Modifying, so that the "custom" plugin to be last in the Step Orchestration, failed with the described errors:
Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |