OES Proxy cannot Access Identity Context variables sent from OAM through Identity Assertion
Last updated on MAY 13, 2018
Applies to: Oracle Entitlements Server - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Environment: OES 18.104.22.168, with resources on the OES SM proxied through OHS and protected by an OAM Webgate; OAM 22.214.171.124 integrated with OAAM 126.96.36.199. The OES Proxy is configured at the OES WLS SM level.

ERROR
-----------------------

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. In the APM console (OES), set a "permit condition" on the "authorization policies" of a custom JRF application for a specific user. The application is registered through the OES SM client in our custom WebLogic domain. The condition is:

   IF GET_INTEGER_IDENTITY_CONTEXT ( 'oracle:idm:claims:risk:level' ) < 400

2. The attribute is not read correctly, and the resource is denied to the user, even though the actual risk level is "300", which satisfies the condition.

3. The risk level is sent through Identity Assertion from OAM to the OES resource, in response headers, after authentication at OAM/OAAM.