Oracle Access Manager (OAM) Federation During Single Sign-On The Identity Provider (IdP) Sends The Group Attributes In A Comma Separated Format And Not In Separate SAML Statements Format
(Doc ID 2757982.1)
Last updated on MAY 10, 2024
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
During Single Sign-On, the Identity Provider (IdP) sends the group attributes in a comma-separated format rather than in separate SAML statements, causing authentication to fail.
- Oracle Access Manager (OAM) is the Identity Provider (IdP)
- WebLogic is the Service Provider (SP)
- Integration works fine when groups are passed as separate values as part of the SAML assertion
- The issue is seen only when a user belongs to multiple groups and the groups are part of the User Profile
Background
When a user belongs to multiple groups and the groups are part of the User Profile while using Federation, a user attribute needs to be specified.
$user.Groups is the attribute to specify for the User Profile so that the user's groups are reflected.
WebLogic, as the Service Provider (SP), requires the group attributes in separate SAML statements instead of a comma-separated value.
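The following diagnostic is an added example, not part of the Oracle document or of any Oracle product: it inspects a decoded SAML 2.0 assertion and reports whether group membership arrives as separate values or packed into one comma-separated string. The attribute name `Groups`, the group names, and both sample assertions are constructed assumptions; values spread across several `Attribute` elements of the same name are treated the same as several `AttributeValue` elements.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _assertion(attribute_xml):
    # Wrap attribute markup in a minimal, unsigned assertion (constructed sample).
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AttributeStatement>" + attribute_xml + "</saml:AttributeStatement>"
        "</saml:Assertion>"
    )

# Constructed samples; the attribute name "Groups" and the group names are assumptions.
COMMA_JOINED = _assertion(
    '<saml:Attribute Name="Groups">'
    "<saml:AttributeValue>Administrators,Operators,Monitors</saml:AttributeValue>"
    "</saml:Attribute>"
)
SEPARATE = _assertion(
    '<saml:Attribute Name="Groups">'
    "<saml:AttributeValue>Administrators</saml:AttributeValue>"
    "<saml:AttributeValue>Operators</saml:AttributeValue>"
    "<saml:AttributeValue>Monitors</saml:AttributeValue>"
    "</saml:Attribute>"
)

def group_values(assertion_xml, attr_name="Groups"):
    """Return each AttributeValue of the named attribute exactly as a consumer receives it."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values

def diagnose(assertion_xml, attr_name="Groups"):
    """Classify how group membership is encoded in the assertion."""
    values = group_values(assertion_xml, attr_name)
    if not values:
        return "missing"
    # A comma inside a value means several groups were packed into one string.
    # Caveat: group names that are LDAP DNs contain commas legitimately.
    if any("," in v for v in values):
        return "comma-joined"
    return "separate"

if __name__ == "__main__":
    for label, xml in (("comma", COMMA_JOINED), ("separate", SEPARATE)):
        print(label, diagnose(xml), group_values(xml))
```

In the comma-joined sample, a consumer that treats each `AttributeValue` as one group name sees a single group called `Administrators,Operators,Monitors`, which matches none of the three intended groups.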
What is being sent in the SAML assertion ...
Cause