My Oracle Support Banner

OES SM Returning An Extraneous "Unknown" Attribute When Condition Is Used (Doc ID 2318954.1)

Last updated on OCTOBER 14, 2019

Applies to:

Oracle Entitlements Server - Version to [Release 11g]
Information in this document applies to any platform.


On : version, Security Modules

Why does SM return an extraneous "Unknown" attribute when condition is used?


An authorization policy that includes a condition on an attribute, 'uid':

uid = <USERNAME>

When testing a request against the policy, can get a Permit, but in the OES SM logging, notice that the attribute seems to be returning as two values.

Here is the log:

== Start Of Policy Evaluation Info ==========
Application: test

Requested Resource Type: <RESOURCE_TYPE>

Requested Resource: <RESOURCE_NAME>

Requested Resource Present: false

Requested Action: <ACTION>

Request Subject Principals:

Effective Roles Granted: [authenticated-role]

Role-Mapping Policies: NONE

Static Role Grants: NONE

Denied Static Role Grants: NONE

Authorization Policies:
1.Policy Name: <POLICY_NAME>
Matched Policy Principals:
Policy Principals Semantics: OR
Matched Policy Resource-Actions:
Resource = /<RESOURCE_NAME>, Action = ANY
Policy Obligations: NONE
Policy Evaluation Result: GRANT
Policy Rules:
Rule Name: <POLICY_NAME>
Rule Effect: GRANT
Rule Condition: (uid = <USERNAME>)
Evaluated Rule Attributes and Functions:
uid(Dynamic, String) = <USERNAME>
uid(Unknown, String) =
Rule Evaluation Result: GRANT

Notice that the attribute appears twice:

uid(Dynamic, String) = <USERNAME>
uid(Unknown, String) =

Both WS SM and Java SM have the same issue


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.