My Oracle Support Banner

Oracle Access Manager 12c (OAM Federation: SP-Initiated SSO With DCC Tunneling Not Working (Doc ID 2498997.1)

Last updated on APRIL 11, 2021

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.


- Oracle Access Manager 12c (OAM configured as IdP.
- On the OAM side, One DCC WebGate on Apache and One Resource WebGate on Apache is configured. 
- As the IdP OAM is using the OOTB LDAPScheme. 
- /oam and /oamfed URLs are set as tunneled URLs in the DCC WebGate user defined parameters 
- /oam/.../*, /oamfed/.../* and /.../* unprotected with Public resource policy in the Application domain 

When a user accesses a protected resource on the SP the SP submits a SAML assertion authentication request to the IdP via the DCC WebGate, as expected.  The DCC WebGate submits the authentication request to the OAM Server via the OAP channel. However, the user receives a HTTP-404 error in the browser stating that the URL 
https://<DCC_HOSTNAME>/oamfed/idp/samlv20?SAMLRequest=.... could not be found.... 

Analysis of the OAM Diagnostic Log shows that the 404 is actually thrown by the OAM Server and sent back to the DCC WebGate via the OAP tunnel. The error appears to be thrown because the URI /oamfed/idp/samlv20 is not listed as allowed

"Returning 404 response as /oamfed/idp/samlv20 is not allowed " 




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.