The Internal Flow Option Was Deprecated In OAG 11.1.2.4.0 (Doc ID 2224876.1)

Last updated on JANUARY 27, 2017

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Goal

In OAG 11.1.2.3.0 the "Authorization Code Flow" filter can be used in the "Authorize Transaction" filter when "Use internal flow" is selected.  When using the internal flow after user registration for the application, using an HTML form and OVD LDAP, OAG extracts the "username" only.  In the same filter, the OAG 11.1.2.4 version uses the subject.id field and this returns the full DN of that user.

How is it possible to get the same result in 11.1.2.4.0 as was seen in 11.1.2.3.0?

Example:

11.1.2.4
"user_id" : "cn=21981131479,dc=user,dc=corporate,cn=users,dc=tim,dc=com,dc=br",

11.1.2.3
"user_id" : "21981131479"


Steps required to reproduce the problem:

11.1.2.3 Authorize Resource Owner:

Select one of the following:

Use internal flow

This uses the internal API Gateway flow to authorize the Resource Owner.  This is the default setting.

11.1.2.4

Note: Previous versions of the API Gateway enabled a user to call a policy to authorize the resource owner, and store the subject in a message attribute.  This field is used to provide backwards compatibility with configurations using that option.  If an authenticated user is not found in the message, the filter automatically uses the internal flow and returns the specified login form.

### Recent changes to the environment ###

OAG 11.1.2.4 upgrade
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms