My Oracle Support Banner

Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3) - After Setting The OAM Federation Assertion OAM Can't Find The User Who Is Logged Into The Identity Store (Doc ID 2340688.1)

Last updated on OCTOBER 23, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.170418 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Symptoms

Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3.170418)

After Setting up OAM Federation, Consumer URL, Post Artifact, Etc.

OAM can't find the user who is logged into the Identity Store

[2017-12-13T02:24:22.812+00:00] [] [ERROR] [FED-15065] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: ] [APP: #11.1.2.0.0] The destination field (https://<FEDERATION_HOSTNAME_1>/oam/server/fed/sp/sso) from the SAML 2.0 message does not match the actual request URL https://<FEDERATION_HOSTNAME_2>/oam/server/fed/sp/sso
[2017-12-13T02:24:22.814+00:00] [] [ERROR] [FED-15038] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: ] [APP: #11.1.2.0.0] Response destination is invalid
......
[2017-12-13T02:24:22.926+00:00] [] [ERROR] [FED-15145] [oracle.security.fed.eventhandler.fed.authn.engines.oam11g.OAM11gFinishSPSSOEventHandler] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: ] [APP: #11.1.2.0.0] The Federation SSO operation with the Identity Provider partner DS META failed with the following status: top status=RESPONDER secondary status=null and message=Message could not be validated
[2017-12-13T02:24:22.927+00:00] [] [ERROR] [FED-15134] [oracle.security.fed.eventhandler.fed.authn.engines.oam11g.OAM11gFinishSPSSOEventHandler] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: ] [APP: #11.1.2.0.0] The service provider could not map the identity provider response to a user

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.