Oracle Access Manager 12c (OAM 12.2.1.3.x) Token Issuance Policy Fails with a User having Comma in CN
(Doc ID 2553264.1)
Last updated on SEPTEMBER 07, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.3.180622 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note
Symptoms
Oracle Access Manager 12c (OAM 12.2.1.3.x) Token Issuance Policy Fails with a User having Comma in CN
- A Token Issuance Policy has been set up to enforce group membership of a Windows AD group, protecting a Federated IDP call.
- Active Directory has been configured as an IDS Profile. A Group Condition has been configured in the policy for the AD group.
- With such a rule in place, federated authentication fails for a user who has a comma in the DN (e.g. ram, nav).
- Error from log is:
failed to query entry objectclass values[[
oracle.ods.virtualization.engine.util.InvalidDNException: Provided value cannot be parsed as a valid distinguished name.
at oracle.ods.virtualization.engine.syntax.DistinguishedName.decode(DistinguishedName.java:477)
oracle.ods.virtualization.engine.util.InvalidDNException: Provided value cannot be parsed as a valid distinguished name.
at oracle.ods.virtualization.engine.syntax.DistinguishedName.decode(DistinguishedName.java:477)
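The following is an added example, not Oracle's code and not taken from this note. It shows how a DN splitter in the style of RFC 4514 rejects a CN with an unescaped comma and accepts the escaped form. The base DN and all function names are constructed for illustration, and it demonstrates the symptom only, not the cause documented in the note.

```python
import re

class InvalidDN(ValueError):
    """Raised when a string is not a parseable distinguished name."""

ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")
SPECIALS = '"+,;<>\\'

def escape_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in SPECIALS or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\":
            if i + 1 == len(dn):
                raise InvalidDN("dangling backslash")
            buf.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return [(type, escaped_value), ...]; single-valued RDNs only."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, eq, value = rdn.partition("=")
        if not eq or not ATTR_TYPE.fullmatch(attr.strip()):
            raise InvalidDN(f"not an attribute=value pair: {rdn!r}")
        rdns.append((attr.strip(), value))
    return rdns

# Constructed sample: the "ram, nav" CN from the note under a made-up base DN.
BASE = "OU=Users,DC=example,DC=com"
RAW_DN = "CN=ram, nav," + BASE
SAFE_DN = "CN=" + escape_value("ram, nav") + "," + BASE
```

Calling parse_dn(RAW_DN) raises InvalidDN because " nav" is read as a separate RDN with no attribute type, while parse_dn(SAFE_DN) returns four RDNs.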
Cause