ResourceURI of Authorization Events are Garbled when using Non UTF-8 Encoded Characters

(Doc ID 2117993.1)

Last updated on JULY 05, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.4 and later
Information in this document applies to any platform.

Symptoms

http://test.example.com/app/page?param={Parameter String}

Three Japanese Katakana characters [Te] [Su] [To] are set as URL parameter.

  Image Unicode

[Te]

  U+30C6
[Su]   U+30B9
[To]   U+30C8

The following are URL encoded characters of them. 

URL Encoded as Shift-JIS : %83e%83X%83g
URL Encoded as UTF-8     : %E3%83%86%E3%82%B9%E3%83%88

When using encoded characters as Shift-JIS (other than UTF-8), garbage characters appear into ResourceURI due to decoding them as UTF-8. A part of characters are replaced with Unicode REPLACEMENT CHARACTER (U+FFFD).

Access URL Example:

http://test.example.com/app/page?param=%83e%83X%83g

Audit Log Output:

The ResourceURI other than Authorization Events report full-URL which is not decoded.

Changes

Steps to Reproduce:

1. Enable the audit log in OAM.
2. Apply <Patch:19812896> to OAM.
3. Access a protected web site using URL encoded characters, for example;
http://test.example.com/app/page?param=%83e%83X%83g

Additional Information

See <Document:1997227.1> for the detail of <Bug:19812896>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms