Oracle Access Manager (OAM) Custom Authentication Plugin Created for Collecting Additional Credentials Fails With Error "OAMSSA-20027: Could not get user " (Doc ID 2091705.1)

Last updated on SEPTEMBER 13, 2023

Applies to:

Symptoms

A custom authentication plugin was created in OAM Version: 11.1.2.3.0. This custom plugin is an implementation of the "One Time Pin" functionality after user/password collection.

User Experience
1. User accesses the protected URL.
2. User is prompted with the SSO Login screen.
3. User provides the credentials and submits the page.
4. The One time pin screen turns up.
5. User provides the one time pin and submits the page.
6. User sees Error
System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

Error in the log
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : null, idstore: <Id Store name>, with exception: {2}.
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1722)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1519)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:985)

The Custom Plugin was an implementation of the example provided on OAM 11g Custom Authentication Plugins: Collecting additional credentials

The code from the example was integrated with the code from "OAM_R2_Plugin_Sample "

The Step Orchestration is:
Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"

In OAM diagnostic logs these entry were present:

Changes

With the "custom" plugin first in the Step Orchestration it worked OK:

Step1.) "custom" ------ on success -> go to "UserIdentification" step
Step2.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step3.) "UserAuthentication" ------ on success -> "success"

Modifying, so that the "custom" plugin to be last in the Step Orchestration, failed with the described errors:

Step1.) "UserIdentification" ------ on success -> go to "UserAuthentication" step
Step2.) "UserAuthentication" ------ on success -> go to "custom" step
Step3.) "custom" ------ on success -> "success"

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.