OAM 11gR2PS2: ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters
(Doc ID 2117993.1)
Last updated on SEPTEMBER 14, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.2.4 and laterInformation in this document applies to any platform.
Symptoms
- Applied <Patch:19812896> Oracle Access Manager (OAM) Audit log can report "ResourceURI" field for Authorization Events.
- ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters in the log
- Example, a client browser accesses the following protected web site
http://test.example.com/app/page?param={Parameter String}
Three Japanese Katakana characters [Te] [Su] [To] are set as URL parameter.
| Image | Unicode | |
|
[Te] |
U+30C6 | |
| [Su] | U+30B9 | |
| [To] | U+30C8 |
The following are URL encoded characters of them.
URL Encoded as UTF-8 : %E3%83%86%E3%82%B9%E3%83%88
When using encoded characters as Shift-JIS (other than UTF-8), garbage characters appear into ResourceURI due to decoding them as UTF-8. A part of characters are replaced with Unicode REPLACEMENT CHARACTER (U+FFFD).
Access URL Example:
Audit Log Output:
The ResourceURI other than Authorization Events report full-URL which is not decoded.
Changes
Steps to Reproduce:
1. Enable the audit log in OAM.
2. Apply <Patch:19812896> to OAM.
3. Access a protected web site using URL encoded characters, for example;
http://test.example.com/app/page?param=%83e%83X%83g
Additional Information
See <Document:1997227.1> for the detail of <Bug:19812896>
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |