IdP Partner Configured With Message Level Encryption Causing 404 Error On Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3) Federation Configured As SP (Doc ID 2595431.1)

Last updated on SEPTEMBER 07, 2023

Applies to:

Symptoms

Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3) Federation configured as SP. OAM is proxied (OAM LB URL set to the DCC OHS host) by DCC OHS/WebGate. This OAM SP is integrated with a IdP Partner and this federation SSO was working fine until the IdP partner was configured for message level encryption. The SSO would error out with a HTTP 404 URL not found at the OAM DCC URL : "POST /oam/server/fed/sp/sso HTTP/1.1" 404.

Encryption method as outlined in this documentation.

Key transport Algorithm documentation.

This works in one environment, but when moving to the next environment the Federation ends up giving OAM page: /oam/server/fed/sp/sso HTTP 404

The OAM SP setup is configured per document, and has also matched the java.security file of the java (Java version "1.7.0_231" Java(TM) SE Runtime Environment (build 1.7.0_231-b08)) to see that it is configured to support this negotiation between the IdP and the SP partner.

However, between the working and the non-working setup, there was a missing kernel upgrade and upgrading the kernel from OEL 7.4 3.8.13-118.15.1.el7uek.x86_64 -> OEL 7.6 4.14.35-1844.2.5.el7uek.x86_64 resolved the issue.

There is no evidence that could be linked between the OAM DC proxied SP integration with the IdP had anything to do with this kernel upgrade.

This Note is to act as a recommendation that the system and the OAM services be always kept updated with all the patches released under "Recommended" tag to be on top of the BUG fixes for machine setups.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.