
Oracle Access Manager (OAM) Federation - Is There A Way To Control Nested Group Evaluation for Authorization (Doc ID 2468610.1)

Last updated on JUNE 14, 2024

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

The nested group level indicates how many levels of nested groups are searched when determining the groups a user belongs to. This is not exposed as a configuration setting in the OAM server. As a result, clients with large numbers of nested groups (such as ~1000) can face long OAM login processing times and possible WebGate timeouts thereafter.

Scenario

Authorization based on group membership takes a long time because there are a large number of nested groups.

Seeing excessive delays and sometimes "Access denied" errors when we enabled Token Authorization policies based on AD group. The users have a large number of groups (100+), and OAM tries to perform a nested group check for each of these groups on every authorization. This is causing excessive delays for SAML/Token generation. Inconsistent behavior: sometimes SAML is generated and sometimes access is denied.

Questions

 

Solution
