OAM 11gR2PS2: ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters
(Doc ID 2117993.1)
Last updated on MARCH 03, 2019
Applies to:Oracle Access Manager - Version 188.8.131.52.4 and later
Information in this document applies to any platform.
- Applied <Patch:19812896> Oracle Access Manager (OAM) Audit log can report "ResourceURI" field for Authorization Events.
- ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters in the log
- Example, a client browser accesses the following protected web site
Three Japanese Katakana characters [Te] [Su] [To] are set as URL parameter.
The following are URL encoded characters of them.
URL Encoded as UTF-8 : %E3%83%86%E3%82%B9%E3%83%88
When using encoded characters as Shift-JIS (other than UTF-8), garbage characters appear into ResourceURI due to decoding them as UTF-8. A part of characters are replaced with Unicode REPLACEMENT CHARACTER (U+FFFD).
Access URL Example:
Audit Log Output:
The ResourceURI other than Authorization Events report full-URL which is not decoded.
Steps to Reproduce:
1. Enable the audit log in OAM.
2. Apply <Patch:19812896> to OAM.
3. Access a protected web site using URL encoded characters, for example;
See <Document:1997227.1> for the detail of <Bug:19812896>
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document