Post data preservation fails and the value gets truncated when the user credential data size exceeds 500 characters (Doc ID 2295778.1)

Last updated on AUGUST 11, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.
Oracle Webgate - 11.1.1.7.0 & later before 11.1.2.1.0


ACTUAL BEHAVIOR
---------------
Credentials passed to the custom plugin are truncated when the submitted/posted value is longer than 500 characters.


EXPECTED BEHAVIOR
-----------------
Credentials being passed to custom plugin should not be limited.

STEPS
-----
The issue can be reproduced at will with the following steps:
1. Use any out-of-the-box authentication scheme with a custom plugin module.
2. Access any OAM-protected URL. It redirects to the standard OAM login page.
3. Provide a user ID that is a string longer than 500 characters.
4. Provide a password and hit submit.
5. Check the OAM server logs; they capture the authentication failure and the long string that was entered beyond 500 characters.

BUSINESS IMPACT
---------------
Users are not authenticated against the OAM protected resources.

Symptoms

1. oam_server1-diagnostic.log:

------------------------------

[2017-08-03T10:49:38.303+05:30] [oam_server1] [ERROR] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0cea3b266129fd11:-4dd8d560:15da2afee3e:-8000-000000000001241b,0] [APP: oam_server#11.1.2.0.0] Plugin Execution Failed.[[

oracle.security.am.plugin.authn.AuthenticationException
at oracle.security.am.pswdmgmt.plugin.PasswordStatusDelegate.handlePasswordStatus(PasswordStatusDelegate.java:132)
at oracle.security.am.pswdmgmt.plugin.PswdPlugin.process(PswdPlugin.java:124)
at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:205)
at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:109)
at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:890)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:326)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
at oracle.security.am.controller.MasterController.process(MasterController.java:708)
at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:212)
at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:170)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : cn=atiwari2,ou=vodafone users,dc=vodafone,dc=com, for idstore DEVOID with exception oracle.igf.ids.AuthenticationException: Authentication failed for user cn=atiwari2,ou=vodafone users,dc=vodafone,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials] with primary error message LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getIDSSpecificException(IDSUserProviderImpl.java:838)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUser(IDSUserProviderImpl.java:911)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUser(IdentityProviderImpl.java:1368)
at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUser(OracleUserIdentityProvider.java:498)
at oracle.security.am.plugin.authn.UserAuthenticationPlugIn.process(UserAuthenticationPlugIn.java:204)
... 43 more
Caused by: oracle.igf.ids.AuthenticationException: Authentication failed for user cn=atiwari2,ou=vodafone users,dc=vodafone,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
at oracle.igf.ids.arisid.ArisIdServiceManager.compareEntity(ArisIdServiceManager.java:1828)
at oracle.igf.ids.UserManager.authenticateUser(UserManager.java:695)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUser(IDSUserProviderImpl.java:903)
... 46 more
Caused by: oracle.igf.ids.arisid.ArisIdAuthException: Authentication failed for user cn=atiwari2,ou=vodafone users,dc=vodafone,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
at com.oracle.ovd.arisid.OvdIdsStackProvider.doCompare(OvdIdsStackProvider.java:985)
at com.oracle.ovd.arisid.ArisIdStackProvider.doCompare(ArisIdStackProvider.java:136)
at org.openliberty.arisid.Interaction.doCompare(Interaction.java:1088)
at oracle.igf.ids.arisid.ArisIdServiceManager.compareEntity(ArisIdServiceManager.java:1768)
... 48 more
Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
at oracle.ods.virtualization.operation.BindOperation.process(BindOperation.java:128)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:394)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.bind(DefaultVirtualizationSession.java:137)
at com.oracle.ovd.arisid.OvdIdsStackProvider.doCompare(OvdIdsStackProvider.java:922)
... 51 more
Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1098)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:989)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:439)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.bind(ConnectionHandle.java:183)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.bind(BackendJNDI.java:524)
at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:228)
at oracle.ods.virtualization.engine.chain.BasePlugin.bind(BasePlugin.java:74)
at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.bind(UserManagement.java:781)
at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)
at oracle.ods.virtualization.engine.chain.PluginChain.runBind(PluginChain.java:175)
at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:288)
at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:274)
at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.bind(AdapterServiceInterface.java:293)
at oracle.ods.virtualization.engine.backend.BackendHandler.bind(BackendHandler.java:363)
at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:220)
at oracle.ods.virtualization.engine.chain.plugins.genericmapping.GenericMapper.bind(GenericMapper.java:196)
at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)
at oracle.ods.virtualization.engine.chain.BasePlugin.bind(BasePlugin.java:74)
at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)
at oracle.ods.virtualization.engine.chain.PluginChain.runBind(PluginChain.java:175)
at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:288)
at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:274)
at oracle.ods.virtualization.engine.chain.GlobalServicesInterface.runBind(GlobalServicesInterface.java:115)
at oracle.ods.virtualization.operation.BindOperation.process(BindOperation.java:113)
... 54 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2648)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:192)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.rebind(JNDIConnectionPool.java:465)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.getLdapContext(JNDIConnectionPool.java:305)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.checkOutContext(JNDIConnectionPool.java:229)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1088)
... 77 more

 

2. wls:/base_domain/serverConfig> displayTrustedInputConfig()

configTrustedInputs(name="DEFAULT_HEADER",maxSize="500")

configTrustedInputs(name="DEFAULT_PARAMETER",maxSize="500")

configTrustedInputs(name="DEFAULT",maxSize="500")
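
Added example (not part of the Oracle note): a Python check that parses the displayTrustedInputConfig() output shown above and reports which posted form values are longer than the configured maxSize, and what the plugin would receive after truncation. The field names, the sample form, and the lookup order (field-specific entry, then DEFAULT_PARAMETER, then DEFAULT) are assumptions made for illustration.

```python
import re

# displayTrustedInputConfig() output as listed in symptom 2.
WLST_OUTPUT = '''
configTrustedInputs(name="DEFAULT_HEADER",maxSize="500")
configTrustedInputs(name="DEFAULT_PARAMETER",maxSize="500")
configTrustedInputs(name="DEFAULT",maxSize="500")
'''

ENTRY = re.compile(r'configTrustedInputs\(name="([^"]+)",maxSize="(\d+)"\)')


def parse_trusted_inputs(text):
    """Return {name: maxSize} for every configTrustedInputs(...) line."""
    return {name: int(size) for name, size in ENTRY.findall(text)}


def limit_for(limits, field):
    """Pick the cap for a posted field.

    Assumption: a field-specific entry wins, then DEFAULT_PARAMETER,
    then DEFAULT. Returns None when no entry applies.
    """
    for key in (field, "DEFAULT_PARAMETER", "DEFAULT"):
        if key in limits:
            return limits[key]
    return None


def oversize_fields(limits, form):
    """List (field, submitted_length, limit) for values over their cap."""
    findings = []
    for field, value in form.items():
        cap = limit_for(limits, field)
        if cap is not None and len(value) > cap:
            findings.append((field, len(value), cap))
    return findings


def truncated_form(limits, form):
    """Model the symptom: each value cut to its cap before the plugin sees it."""
    result = {}
    for field, value in form.items():
        cap = limit_for(limits, field)
        result[field] = value if cap is None else value[:cap]
    return result
```

A truncated credential no longer matches what the user typed, which is consistent with the LDAP error 49 (Invalid Credentials) in the stack trace.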

 

 

Changes

 

Cause
