Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3): DCC Login Prompt Happening After Authentication Is Successful In IDP Initiated SSO (ECC)
(Doc ID 2524698.1)
Last updated on SEPTEMBER 06, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.180116 and laterInformation in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
Symptoms
Being prompted byOracle Access Manager 11g R2PS3 (OAM 11.1.2.3) Login form (A DCC protected resource) after successfully authenticated in an IDP initiated SSO (ECC).
Test1
- Open a new client web browser
- Access http://<HOSTNAME>:<PORT>/<PROTECTED_URL>
- Login through DCC WebGate
- User is authenticated successfully resource is displayed
- Now, go to OAM Console > Session Management, double check the value for "Client IP Address" - you see the IP as the Load Balancer IP (expect to see the actual Client IP)
- Open a new client web browser
- Access http://<HOSTNAME>:<PORT>/<PROTECTED_URL>
- Login through DCC WebGate
- User is authenticated successfully resource is displayed
- Now, go to OAM Console > Session Management, double check the value for "Client IP Address" - you see the IP as the Load Balancer IP (expect to see the actual Client IP)
Test2
- Open another new client web browser
- Access https://<DCC_HOSTNAME>:<DCC_PORT>/oamfed/idp/initiatesso?providerid=https://<DCC_WEBSERVER>&returnurl=http://<WEBSERVER_HOSTNAME>/<PROTECTED_URL>&myurl= (tunnelling)
- Login
- User is authenticated successfully resource is displayed
- Now, go to OAM Console > Session Management, double check the value for "Client IP Address" you see the IP as the actual Client IP Address of session (this is an expected result)
- Open another new client web browser
- Access https://<DCC_HOSTNAME>:<DCC_PORT>/oamfed/idp/initiatesso?providerid=https://<DCC_WEBSERVER>&returnurl=http://<WEBSERVER_HOSTNAME>/<PROTECTED_URL>&myurl= (tunnelling)
- Login
- User is authenticated successfully resource is displayed
- Now, go to OAM Console > Session Management, double check the value for "Client IP Address" you see the IP as the actual Client IP Address of session (this is an expected result)
- OAM diagnostic log will show similar error below
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |