Oracle Access Manager (OAM) Federation During Single Sign-On The Identity Provider (IdP) Sends The Group Attributes In A Comma Separated Format And Not In Separate SAML Statements Format (Doc ID 2757982.1)

Last updated on MARCH 11, 2021

Applies to:

Oracle Access Manager - Version 12.2.1.3.200908 and later
Information in this document applies to any platform.

Symptoms

During single sign-on, the Identity Provider (IdP) sends the group attributes in a comma-separated format rather than in separate SAML statements, causing authentication to fail.

Background

  • When a user belongs to multiple groups, a user attribute needs to be specified as part of the User Profile when using Federation
  • $user.Groups is the attribute to specify in the User Profile so that the user's groups are reflected
  • WebLogic, as the Service Provider (SP), requires the group attributes in separate SAML statements instead of a comma-separated value
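To check which of the two shapes an IdP is emitting, the following added example (not Oracle's code and not part of the original note) inspects an AttributeStatement and classifies the group attribute. The attribute name "Groups", the sample XML, and the reading of "separate statements" as one AttributeValue element per group are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def _stmt(values):
    """Build a constructed AttributeStatement (not captured from a real IdP)."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:AttributeStatement xmlns:saml="{NS}">'
            f'<saml:Attribute Name="Groups">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement>')

# Constructed samples; "Groups" is an assumed attribute name.
COMMA_JOINED = _stmt(["Administrators,Operators,Monitors"])
SEPARATE = _stmt(["Administrators", "Operators", "Monitors"])
DN_VALUE = _stmt(["cn=Admins,ou=Groups,dc=example,dc=com"])

def group_values(statement_xml, attr_name="Groups"):
    """Return the text of every AttributeValue under the named Attribute."""
    # Intended for assertions you captured yourself; parse untrusted XML
    # with a hardened parser such as defusedxml instead.
    root = ET.fromstring(statement_xml)
    values = []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") == attr_name:
            for val in attr.findall(f"{{{NS}}}AttributeValue"):
                values.append((val.text or "").strip())
    return values

def looks_like_dn(value):
    """Heuristic: every comma-separated part is key=value, so the commas
    belong to a single distinguished name, not to a list of groups."""
    return all("=" in part for part in value.split(","))

def classify(statement_xml, attr_name="Groups"):
    """'missing', 'comma-joined' (several groups packed into one value),
    or 'separate' (one AttributeValue per group)."""
    values = group_values(statement_xml, attr_name)
    if not values:
        return "missing"
    if any("," in v and not looks_like_dn(v) for v in values):
        return "comma-joined"
    return "separate"

if __name__ == "__main__":
    for name, xml in [("comma", COMMA_JOINED), ("separate", SEPARATE), ("dn", DN_VALUE)]:
        print(name, classify(xml), group_values(xml))
```

A comma-joined value is read by the SP as one group name that matches nothing, so role mapping fails even though the assertion itself is valid.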

What is being sent in the SAML assertion ...

Changes

Cause
