OES Proxy cannot Access Identity Context variables sent from OAM through Identity Assertion
(Doc ID 2389715.1)
Last updated on MARCH 06, 2019
Oracle Entitlements Server - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
Environment: OES 188.8.131.52; resources on the OES SM are proxied through OHS and protected by OAM Webgate; OAM 184.108.40.206 is integrated with OAAM 220.127.116.11.
The OES Proxy is configured at the OES WLS SM level.
The issue can be reproduced at will with the following steps:
1. In the APM console (OES), set a "permit condition" under "authorization policies" for a specific user of a custom JRF application, registered through the OES SM client in our custom WebLogic domain:
IF GET_INTEGER_IDENTITY_CONTEXT ( 'oracle:idm:claims:risk:level' ) < 400
2. The attribute is not read correctly, and the resource is denied to the user (the actual risk level is "300", which satisfies the condition).
3. The risk level is sent from OAM to the OES resource through Identity Assertion, in response headers, after authentication at OAM/OAAM.