OAM Is Sending The Logout Response Without Terminating The Session And With A Message "User authenticated at IdP different from User specified in the Request message" (Doc ID 2160614.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.4 and later
Information in this document applies to any platform.

Symptoms

For federated partners that use the session index during the logout transaction, OAM 11.1.2.2.4 sends the logout response with the message "User authenticated at IdP different from User specified in the Request message" without terminating the session, and the following errors appear in the log:

[ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005D3dD0bun85ysawhYfMG0001lL000Bh6,0:3] [APP: oam_server#11.1.2.0.0] [URI: /oam/server/auth_cred_submit] Authentication Failure for user : uid=sraya04,cn=users,dc=safeway,dc=com, for idstore OIMIDStore with exception oracle.igf.ids.AuthenticationException: Authentication failed for user uid=sraya04,cn=users,dc=safeway,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - The password provided by the user did not match any password(s) stored in the user's entry] with primary error message {3}
[ERROR] [FED-15074] [oracle.security.fed.eventhandler.fed.profiles.idp.ProcessRequestEventHandler] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 005D3dHzwM_85ysawhYfMG0001lL000BsY,0:1] [APP: oam_server#11.1.2.0.0] [URI: /oamfed/idp/samlv20] The user authenticated at identity provider is different from the user specified in the request message.
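
The following Python parser is an added example, not part of the Oracle note and not Oracle code. It splits log lines in the bracketed layout shown above, including the nested brackets in the tid field, and returns the ecid and URI of each FED-15074 error so the affected sessions can be checked. The sample lines, ECID values and function names are constructed for illustration, and lines are assumed to begin at the severity field as in the excerpt.

```python
# Constructed sample lines in the layout of the excerpt above (assumed to start at the severity field).
SAMPLE_LOG = """\
[ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: EXAMPLE-ECID-0001,0:3] [APP: oam_server#11.1.2.0.0] [URI: /oam/server/auth_cred_submit] Authentication Failure for user : uid=example,cn=users,dc=example,dc=com
[ERROR] [FED-15074] [oracle.security.fed.eventhandler.fed.profiles.idp.ProcessRequestEventHandler] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: EXAMPLE-ECID-0002,0:1] [APP: oam_server#11.1.2.0.0] [URI: /oamfed/idp/samlv20] The user authenticated at identity provider is different from the user specified in the request message.
"""

WATCHED_IDS = {"FED-15074"}  # message ID this note associates with the failed logout


def split_fields(line):
    """Split the leading [..] fields, honouring nested brackets such as [tid: [ACTIVE]...]."""
    fields, pos = [], 0
    while pos < len(line) and line[pos] == "[":
        depth, start = 0, pos
        while pos < len(line):
            if line[pos] == "[":
                depth += 1
            elif line[pos] == "]":
                depth -= 1
                if depth == 0:
                    break
            pos += 1
        if depth != 0:  # unbalanced brackets: keep the remainder as message text
            return fields, line[start:]
        fields.append(line[start + 1:pos])
        pos += 1
        while pos < len(line) and line[pos] == " ":
            pos += 1
    return fields, line[pos:]


def parse_line(line):
    fields, message = split_fields(line.strip())
    if len(fields) < 3:  # not a record in the expected layout
        return None
    rec = {"level": fields[0], "msg_id": fields[1], "module": fields[2], "message": message}
    for field in fields[3:]:  # remaining fields are "key: value" pairs (tid, ecid, URI, ...)
        key, sep, value = field.partition(":")
        if sep:
            rec[key.strip()] = value.strip()
    return rec


def find_logout_mismatch_errors(text):
    """Return (ecid, URI) for each watched ERROR record, for session follow-up."""
    recs = (parse_line(line) for line in text.splitlines())
    return [(r.get("ecid", ""), r.get("URI", "")) for r in recs
            if r and r["level"] == "ERROR" and r["msg_id"] in WATCHED_IDS]
```

Each returned ecid identifies a request whose session state can then be checked on the OAM side.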

Cause
