My Oracle Support Banner

Oracle Access Manager (OAM) Federation - Is There A Way To Control Nested Group Evaluation for Authorization (Doc ID 2468610.1)

Last updated on JUNE 14, 2024

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


The nested group level indicates the number of levels to which nested groups are searched that the user belongs this. This is not exposed as a configuration in OAM server. Hence clients with large nested groups (such as ~1000) face potential problem with long time to process OAM login and possible timeout from WebGate thereafter. 


Authorization based on group is taking a long time as there are large number of nested group

Seeing excessive delays and some times "Access denied" errors when we enabled Token Authorization policies based on AD group. The users have large number of groups ( 100+) and OAM tries to check nested group check for each of this group on every authorization. This is causing excessive delays for SAML/Token generation. Inconsistent behavior, some times SAML is generated and sometimes access denied.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.