Oracle Access Manager 12c (OAM 12.2.1.3.0) Federation - Expression That Contain User and Groups Displays Incorrectly In the Security Assertion Markup Language (SAML) Response
(Doc ID 2619170.1)
Last updated on SEPTEMBER 22, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Symptoms
multivaluegroups was enabled at the Federated Service Provider (SP) partner level, but this did not achieve the desired results.
- Trying to use an expression that contains the multigroups attribute in the SAML response
Scenario 1
When $user.groups is used twice in the SP attribute profile, the first $user.groups is treated as a multivaluegroup and the second $user.groups is not.
Scenario 2
$user.groups is used only once in an SP attribute profile, as part of an expression-type value.
Service Provider (SP) Attribute profile
Mapping: testgroups: mytest-groups/$user.groups (value as an expression)
The user who performs authentication is a member of the following groups:
1. :mytest:iam::NNNN:role/mygroup_no2::mytest:iam::NNNN:saml-provider/MyOAM
2. thegroup2
3. thegroup2a
4. :mytest:iam::NNNN:role/mygroup_no1
- Current behavior when an expression that contains the multigroups attribute is displayed in the SAML response. Response output:
Changes
Cause