Authorization Code Is Not Obtained For Federated Users

(Doc ID 2319385.1)

Last updated on OCTOBER 23, 2017

Applies to:

Oracle Mobile and Social - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

The customer has implemented a 3-legged OAuth flow. The out-of-the-box (OOTB) consent page was customized by adding a federation URL. When internal users authenticate on this OOTB consent page, an authorization code is generated. However, when users click the federation URL and authenticate on the federation login page, no authorization code is generated.

Changes

I see the OAM_ID cookie, OAM_JSessionID and ORA_OSFS_Session cookie (for federation) present in the browser.

On the federation URL, the actual app URL that is used as the return URL is OAM protected. The complete federation URL is an IDP-initiated federation URL; it redirects the user to the IDP for authentication and SAML assertion, and then sends the user to the return URL upon successful authentication and SAML assertion consumption by OAM.

Also, when the user is redirected to the return URL after successful SAML assertion consumption, I see OAMAuthnHintCookie and OAMAuthnCookie_hostname.

Cause
