My Oracle Support Banner

OES SM Returning An Extraneous "Unknown" Attribute When Condition Is Used (Doc ID 2318954.1)

Last updated on OCTOBER 19, 2017

Applies to:

Oracle Entitlements Server - Version and later
Information in this document applies to any platform.


On : version, Security Modules

Why does SM return an extraneous "Unknown" attribute when condition is used?


An authorization policy that includes a condition on an attribute, 'uid':

uid = gsaae01

When testing a request against the policy, can get a Permit, but in the OES SM logging, notice that the attribute seems to be returning as two values.

Here is the log:

== Start Of Policy Evaluation Info ==========
Application: test

Requested Resource Type: foo2

Requested Resource: test_ldap_param

Requested Resource Present: false

Requested Action: GET

Request Subject Principals:
  class gsaae01, OU=People, OU=oracle, O=com

Effective Roles Granted: [authenticated-role]

Role-Mapping Policies: NONE

Static Role Grants: NONE

Denied Static Role Grants: NONE

Authorization Policies:
  Matched Policy Principals:
  Policy Principals Semantics: OR
  Matched Policy Resource-Actions:
  Resource = /test_ldap_param, Action = ANY
  Policy Obligations: NONE
  Policy Evaluation Result: GRANT
  Policy Rules:
  Rule Effect: GRANT
  Rule Condition: (uid = gsaae01)
  Evaluated Rule Attributes and Functions:
  uid(Dynamic, String) = gsaae01
  uid(Unknown, String) =
  Rule Evaluation Result: GRANT

Notice that the attribute appears twice:

  uid(Dynamic, String) = gsaae01
  uid(Unknown, String) =

Both WS SM and Java SM have the same issue


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.