When Switching From Lower Level AuthN Scheme to Higher Level TAPScheme User's Are Not Prompted For Username/Password (Doc ID 2565982.1)

Last updated on DECEMBER 01, 2023

Applies to:

Symptoms

After properly configuring OAM/OAAM integration user's are prompted for their username, password, and KBA challenge questions upon accessing a resource protected with the OAM TAPScheme authentication scheme. This is working properly and as expected. However, if the user has already authenticated via lower-level authentication scheme and then access the TAPScheme-protected resource that has a higher level authentication level then the user is only prompted for their KBA challenge questions.

For example:

App1 Authn Scheme : LDAPScheme_OUDStore
App1 Authn Level : 2
App1 Resource URL : http://hostname.domain:port/index.html

App2 Authn Scheme : TAPScheme
App2 Authn Level : 4
App2 Resource URL : http://hostname.domain:port/oaamtap.html

When accessing the App1 resource the user is prompted for username and password for OUD and login works as expected. Then in the same browser accessing the App2 resource the user is prompted for only their KBA challenge question and skips the username and password steps. 

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.