Oracle Access Manager (OAM) Federation - For Persistent Federation NameID Value Being Different Between 11g And 12c For Same User
(Doc ID 2726798.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Access Manager - Version 12.1.2.3.180904 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note
Symptoms
- Using the following WLST command makes the OAM 12c primary and clone data centers (DCs) return the same NameID value for the same user, but the NameID value still differs between 11g and 12c for the same user. The requirement is for the OAM 11g and 12c IDPs to return the same NameID value for the same user.
- setSPSAMLPartnerNameID(partnerName="OamIdp1", nameIDFormat="orafed-persistent", nameIDValue="", nameIDValueComputed="true")
- For details of the WLST command above, see Doc ID 2715596.1.
The issue can be reproduced at will with the following steps:
1. For a specific IDP, authenticate user-A in LDAP to OAM 11g and note the NameID format returned.
2. Authenticate the same user-A in the same LDAP, using a similarly named IDS profile, to OAM 12c. Note that the NameID returned is a different value from the one in step 1.
3. Note that authentication works in each of these cases.
Changes
Cause