Oracle Access Manager (OAM 11.1.2.3.x) Access Portal Service Extension ESSODirectSubmit Does not Work When The User Has A Double Quote In The Password (") (Doc ID 2320451.1)

Last updated on NOVEMBER 02, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.170418 and later
Oracle Access Portal - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

OAM BP 11.1.2.3.170418
Webgate Iplanet (OTD) 11.1.2.3.0
ESSODirectSubmit does not work when the user has a double quote in his password (")

ESSODirectSubmit is an extension of OAM's Access Portal Service and it is designed to implement form fill of credentials into OAM protected web applications without the use of javascript (columbiaWeb.js).

This feature can be used after installing the following patches:
<Patch:24758508> for OAM
<Patch:25742669> for OTD Webgate

This feature is working just fine except when the password contains a double quote because the HTML that is returned back to perform form fill does not escape this particular character to ". The bottom line is that the code will need to make sure that passwords are HTML-safe, otherwise the browser itself could truncate it.  

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms