ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters
Last updated on JULY 05, 2017
Applies to:Oracle Access Manager - Version 22.214.171.124.4 and later
Information in this document applies to any platform.
- Applied <Patch:19812896> Oracle Access Manager (OAM) Audit log can report "ResourceURI" field for Authorization Events.
- ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters in the log
- Example, a client browser accesses the following protected web site
Three Japanese Katakana characters [Te] [Su] [To] are set as URL parameter.
The following are URL encoded characters of them.
URL Encoded as UTF-8 : %E3%83%86%E3%82%B9%E3%83%88
When using encoded characters as Shift-JIS (other than UTF-8), garbage characters appear into ResourceURI due to decoding them as UTF-8. A part of characters are replaced with Unicode REPLACEMENT CHARACTER (U+FFFD).
Access URL Example:
Audit Log Output:
The ResourceURI other than Authorization Events report full-URL which is not decoded.
Steps to Reproduce:
1. Enable the audit log in OAM.
2. Apply <Patch:19812896> to OAM.
3. Access a protected web site using URL encoded characters, for example;
See <Document:1997227.1> for the detail of <Bug:19812896>
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms