Oracle Access Manager 12c (OAM 12.2.1.3) Federation: SP-Initiated SSO With DCC Tunneling Not Working (Doc ID 2498997.1)

Last updated on MAY 09, 2023

Applies to:

Oracle Access Manager - Version 12.2.1.3.180904 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Symptoms

- Oracle Access Manager 12c (OAM 12.2.1.3) configured as IdP.
- On the OAM side, one 11.1.2.3 DCC WebGate on Apache and one 11.1.2.3 resource WebGate on Apache are configured.
- As the IdP, OAM is using the out-of-the-box (OOTB) LDAPScheme.
- /oam and /oamfed URLs are set as tunneled URLs in the DCC WebGate user-defined parameters.
- /oam/.../*, /oamfed/.../* and /.../* are unprotected with a Public resource policy in the Application Domain.


When a user accesses a protected resource on the SP, the SP submits a SAML authentication request to the IdP via the DCC WebGate, as expected. The DCC WebGate submits the authentication request to the OAM Server via the OAP channel. However, the user receives an HTTP 404 error in the browser stating that the URL https://<DCC_HOSTNAME>/oamfed/idp/samlv20?SAMLRequest=.... could not be found.


Analysis of the OAM Diagnostic Log shows that the 404 is actually thrown by the OAM Server and sent back to the DCC WebGate via the OAP tunnel. The error appears to be thrown because the URI /oamfed/idp/samlv20 is not listed as allowed:

"Returning 404 response as /oamfed/idp/samlv20 is not allowed " 
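
The log check described above, as an added example that is not part of the Oracle note: a Python triage script that scans OAM diagnostic log lines for this message and reports whether each rejected URI falls under the tunneled prefixes listed under Symptoms. Only the message text and the two prefixes come from the note; the log line layout, the server name and the second URI are constructed sample data.

```python
import re
from collections import Counter

# Message text as quoted in the note; the rejected URI is captured.
DENIED = re.compile(r"Returning 404 response as (\S+) is not allowed")

# Tunneled prefixes listed under Symptoms (DCC WebGate user-defined parameters).
TUNNELED_PREFIXES = ("/oam", "/oamfed")

# Constructed sample lines: the timestamp/component layout is an assumption,
# and /custom/app/login is a made-up URI included for contrast.
SAMPLE_LOG = [
    '[2023-05-09T10:15:01] [oam_server1] [NOTIFICATION] "Returning 404 response as /oamfed/idp/samlv20 is not allowed "',
    '[2023-05-09T10:15:02] [oam_server1] [NOTIFICATION] Session created',
    '[2023-05-09T10:16:40] [oam_server1] [NOTIFICATION] "Returning 404 response as /oamfed/idp/samlv20 is not allowed "',
    '[2023-05-09T10:17:05] [oam_server1] [NOTIFICATION] "Returning 404 response as /custom/app/login is not allowed "',
]

def under_prefix(uri, prefix):
    # Match on a path-segment boundary so /oamfed is not counted under /oam.
    return uri == prefix or uri.startswith(prefix + "/")

def triage(lines, prefixes=TUNNELED_PREFIXES):
    """Map each rejected URI to (hit count, matching tunneled prefix or None)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            counts[m.group(1)] += 1
    result = {}
    for uri, n in counts.items():
        hits = [p for p in prefixes if under_prefix(uri, p)]
        result[uri] = (n, max(hits, key=len, default=None))
    return result

def report(lines):
    out = []
    for uri, (n, prefix) in sorted(triage(lines).items()):
        where = f"under tunneled prefix {prefix}" if prefix else "outside the tunneled prefixes"
        out.append(f"{uri}: {n} server-side 404(s), {where}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A hit under a tunneled prefix in the OAM Server log confirms the request crossed the OAP tunnel and was rejected by the server, which matches the analysis above.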



Changes

 

Cause
