Oracle Access Manager 12c (OAM 188.8.131.52) Federation: SP-Initiated SSO With DCC Tunneling Not Working
(Doc ID 2498997.1)
Last updated on APRIL 11, 2021
Applies to: Oracle Access Manager - Version 184.108.40.206.180904 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
- Oracle Access Manager 12c (OAM 220.127.116.11) configured as IdP.
- On the OAM side, one 18.104.22.168 DCC WebGate on Apache and one Resource 22.214.171.124. WebGate on Apache are configured.
- As the IdP, OAM is using the OOTB LDAPScheme.
- /oam and /oamfed URLs are set as tunneled URLs in the DCC WebGate user-defined parameters.
- /oam/.../*, /oamfed/.../* and /.../* are unprotected with a Public resource policy in the Application domain.
When a user accesses a protected resource on the SP, the SP submits a SAML assertion authentication request to the IdP via the DCC WebGate, as expected. The DCC WebGate submits the authentication request to the OAM Server via the OAP channel. However, the user receives an HTTP-404 error in the browser stating that the URL
https://<DCC_HOSTNAME>/oamfed/idp/samlv20?SAMLRequest=.... could not be found....
Analysis of the OAM Diagnostic Log shows that the 404 is actually thrown by the OAM Server and sent back to the DCC WebGate via the OAP tunnel. The error appears to be thrown because the URI /oamfed/idp/samlv20 is not listed as allowed