
OES Proxy cannot Access Identity Context variables sent from OAM through Identity Assertion (Doc ID 2389715.1)

Last updated on MAY 13, 2018

Applies to:

Oracle Entitlements Server - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Environment: OES 11.1.2.3; resources on the OES SM are proxied through OHS and protected by an OAM Webgate; OAM 11.1.2.3 is integrated with OAAM 11.1.2.3.
The OES Proxy is configured at the OES WLS SM level.

ERROR
-----------------------
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. In the APM console (OES), set a "permit condition" on the "authorization policies" of a custom JRF application for a specific user. The application is registered through the OES SM client in our custom WebLogic domain. The condition is:
  IF GET_INTEGER_IDENTITY_CONTEXT ( 'oracle:idm:claims:risk:level' ) < 400
2. The attribute is not read correctly, and the resource is denied to the user, even though the actual risk level is "300", which satisfies the condition.
3. The risk level is sent from OAM to the OES resource through Identity Assertion, in response headers, after authentication at OAM/OAAM.

Cause
