OPSS- WebLogic Security Patch 22248372 Breaks SSO, getting access denied
(Doc ID 2110266.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Platform Security for Java - Version 11.1.2.2.0 and later
Oracle Adaptive Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
On Oracle Platform Security for Java version 11.1.1.9.0 (Java Platform Security), from Oracle Adaptive Access Manager 11.1.2.2.0:
WebLogic Security Patch 22248372 breaks SSO
After applying the WebLogic Security Patch to the development environment, an "Access Denied" exception starts to occur.
The environment has SSO in place and a custom servlet that allows users to log in with any of three attributes (employee ID, email, or network ID).
Observed Error
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
at oracle.security.jps.internal.credstore.util.CsfU
Steps to reproduce
The issue can be reproduced at will with the following steps:
1. Apply the WebLogic Security Patch (22248372) and the prerequisite patch (20780171).
2. After applying the patches, SSO fails with the following OAAM error:
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oaam,keyName=* read)
After starting the domain with:
./startWebLogic.sh -Djps.auth.debug=true -Djps.auth.debug.verbose=true
the following Check Permission [FAILED] entry is observed:
PolicyContext: [null]
Resource/Target: [context=APPLICATION,name=OAM11gApplication]
Action: [getApplicationPolicy]
Permission Class: [oracle.security.jps.service.policystore.PolicyStoreAccessPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@1049a24b
CodeSource=file:/apps/Oracle/Middleware/patch_wls1036/patch_jars/BUG20780171_1036012.jar
Principals=total 0 of principals<no principals>
Permissions=(
(oracle.security.jps.service.keystore.KeyStoreAccessPermission stripeName=system,keystoreName=trust,alias=* read)
(java.io.FilePermission /<MW_HOME>/patch_wls1036/patch_jars/BUG20780171_1036012.jar read)
....
)
Call Stack: java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission Context:APPLICATION Context Name:OAM11gApplication Actions:getApplicationPolicy)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
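A triage helper for the jps.auth.debug output shown above, added here as an example and not part of the Oracle note: it groups every failed permission check by the CodeSource that was denied. It assumes the raw field layout seen in the excerpt; the function names are hypothetical and the second record in the sample is constructed.

```python
import re
from collections import defaultdict

# Sample input: first record follows the excerpt above, second record is constructed.
SAMPLE = """\
PolicyContext: [null]
Resource/Target: [context=APPLICATION,name=OAM11gApplication]
Action: [getApplicationPolicy]
Permission Class: [oracle.security.jps.service.policystore.PolicyStoreAccessPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@1049a24b
CodeSource=file:/apps/Oracle/Middleware/patch_wls1036/patch_jars/BUG20780171_1036012.jar
PolicyContext: [null]
Resource/Target: [context=SYSTEM,mapName=oaam,keyName=*]
Action: [read]
Permission Class: [oracle.security.jps.service.credstore.CredentialAccessPermission]
Result: [SUCCEEDED]
"""

FIELD = re.compile(r"^\s*([\w/ ]+?):\s*\[(.*)\]\s*$")   # "Key: [value]" lines
CODESOURCE = re.compile(r"^\s*CodeSource=(\S+)")        # failing protection domain

def parse_checks(text):
    """Split jps.auth.debug output into one dict per permission check."""
    checks, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, val = m.groups()
            if key == "PolicyContext":      # first field of every record
                cur = {}
                checks.append(cur)
            if cur is not None:
                cur[key] = val
            continue
        m = CODESOURCE.match(line)
        if m and cur is not None:
            cur.setdefault("CodeSource", m.group(1))
    return checks

def failed_by_codesource(text):
    """Map each denied code source to its (class, target, action) tuples."""
    out = defaultdict(set)
    for c in parse_checks(text):
        if c.get("Result") == "FAILED":
            out[c.get("CodeSource", "<unknown>")].add(
                (c.get("Permission Class"), c.get("Resource/Target"), c.get("Action")))
    return dict(out)
```

Run against the captured server output, the result shows which jar or code location is missing which permission, which is the information a policy review or a support request needs.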
Changes
Applied the WebLogic Security Patch (22248372) and the prerequisite patch (20780171).
Cause