My Oracle Support Banner

OES Proxy cannot Access Identity Context variables sent from OAM through Identity Assertion (Doc ID 2389715.1)

Last updated on MARCH 06, 2019

Applies to:

Oracle Entitlements Server - Version and later
Information in this document applies to any platform.


Environment: OES, resources on OES SM proxied through OHS, and protected by OAM Webgate, OAM integrated with OAAM
OES Proxy configured at OES WLS SM level.

The issue can be reproduced at will with the following steps:
1. after have set a "permit condition" on "authorization policies" for a custom JRF Application for a specific user in the Apm console (OES), for a registered application through OES SM client in our custom WebLogic domain:
  IF GET_INTEGER_IDENTITY_CONTEXT ( 'oracle:idm:claims:risk:level' ) < 400
2. The attribute is not being read correctly, and the resource is denied to the user (the risk level it is actual "300", in respect of the condition itself).
3. The Risk level is sent through Identity Assertion from OAM to OES resource after authentication at OAM/OAAM, through response headers.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.