OES Proxy cannot Access Identity Context variables sent from OAM through Identity Assertion
(Doc ID 2389715.1)
Last updated on MAY 13, 2018
Applies to: Oracle Entitlements Server - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Environment: OES 126.96.36.199, resources on OES SM proxied through OHS and protected by OAM Webgate, OAM 188.8.131.52 integrated with OAAM 184.108.40.206. OES Proxy configured at OES WLS SM level.

ERROR
-----------------------

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1. In the APM console (OES), set a "permit condition" on "authorization policies" for a custom JRF Application for a specific user, for an application registered through the OES SM client in our custom WebLogic domain:

   IF GET_INTEGER_IDENTITY_CONTEXT ( 'oracle:idm:claims:risk:level' ) < 400

2. The attribute is not being read correctly, and the resource is denied to the user (the actual risk level is "300", which satisfies the condition itself).

3. The risk level is sent through Identity Assertion from OAM to the OES resource after authentication at OAM/OAAM, through response headers.