Oracle Access Manager (OAM) Federation During Single Sign-On The Identity Provider (IdP) Sends The Group Attributes In A Comma Separated Format And Not In Separate SAML Statements Format
(Doc ID 2757982.1)
Last updated on JUNE 13, 2022
Applies to:
Oracle Access Manager - Version 12.2.1.3.200908 and later
Information in this document applies to any platform.
Symptoms
During Single Sign-On, the Identity Provider (IdP) sends the group attributes in a comma-separated format and not in separate SAML statements, causing authentication to fail.
- Oracle Access Manager (OAM) 12.2.1.3.200908 is the Identity Provider (IdP)
- WebLogic is the Service Provider (SP)
- Integration works fine when groups are passed as separate values as part of the SAML assertion
- The issue is seen only when a user belongs to multiple groups as part of the User Profile
Background
- When a user belongs to multiple groups as part of the User Profile while using Federation, a user attribute needs to be specified
- $user.Groups is the attribute to specify for the User Profile so that the user's groups are reflected
- WebLogic as the Service Provider (SP) requires the group attributes in separate SAML statements instead of comma-separated
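A diagnostic check for the mismatch described above, as an added example that is not part of the Oracle document: it reports whether a captured assertion carries the groups packed into one comma-separated value or as separate values. The attribute name Groups and the sample assertions are assumptions constructed for illustration, and "separate SAML statements" is taken here to mean one AttributeValue per group.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def sample_assertion(values, name="Groups"):
    """Build a constructed, unsigned assertion fragment for the demo."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')


def group_values(assertion_xml, name="Groups"):
    """Collect every AttributeValue of the named attribute, across all
    Attribute and AttributeStatement elements in the assertion."""
    # For assertions from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") == name:  # "Groups" is an assumed attribute name
            for val in attr.iter(f"{{{NS}}}AttributeValue"):
                values.append((val.text or "").strip())
    return values


def classify(assertion_xml, name="Groups"):
    """Return 'missing', 'comma-separated' or 'separate-values'."""
    values = group_values(assertion_xml, name)
    if not values:
        return "missing"
    # Heuristic: a comma inside one value means several groups were packed
    # together. Group names that legitimately contain commas (for example
    # LDAP DNs) would need a stricter rule.
    if any("," in v for v in values):
        return "comma-separated"
    return "separate-values"


if __name__ == "__main__":
    packed = sample_assertion(["Admins,Operators"])    # constructed sample
    split = sample_assertion(["Admins", "Operators"])  # constructed sample
    for label, xml in (("packed", packed), ("split", split)):
        print(label, classify(xml), group_values(xml))
```

The check only inspects attribute encoding; it does not validate the assertion's signature or conditions.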
What is being sent in the SAML assertion ...
Changes
Cause