Oracle Access Manager (OAM) Federation During Single Sign-On The Identity Provider (IdP) Sends The Group Attributes In A Comma Separated Format And Not In Separate SAML Statements Format
(Doc ID 2757982.1)
Last updated on MARCH 11, 2021
Applies to: Oracle Access Manager - Version 220.127.116.11.200908 and later
Information in this document applies to any platform.
During Single Sign-On, the Identity Provider (IdP) sends the group attributes in a comma-separated format and not in separate SAML statements, causing authentication to fail.
- Oracle Access Manager (OAM) 18.104.22.168.200908 is the Identity Provider (IdP)
- WebLogic is the Service Provider (SP)
- Integration works fine when groups are passed as separate values as part of the SAML assertion
- The issue is seen only when a user belongs to multiple groups and the groups are sent as part of the User Profile
- When a user belongs to multiple groups and the groups are part of the User Profile while using Federation, a user attribute needs to be specified
- $user.Groups is the attribute to specify for the User Profile so that the user's groups are reflected
- WebLogic as the Service Provider (SP) requires the group attributes in separate SAML statements instead of comma-separated
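The two shapes described in the list above, as an added example that is not part of the Oracle document and is not OAM or WebLogic code: it parses a SAML 2.0 attribute statement and reports any group value that packs several groups into one `AttributeValue`. The attribute name `Groups`, the group names and both XML fragments are constructed, and "separate values" is assumed to mean one `AttributeValue` element per group.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed fragments: attribute name "Groups" and the group names are assumptions.
COMMA_SEPARATED = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>Administrators,Operators,Monitors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

SEPARATE_VALUES = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>Administrators</saml:AttributeValue>
    <saml:AttributeValue>Operators</saml:AttributeValue>
    <saml:AttributeValue>Monitors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def attribute_values(statement_xml, name):
    """Return the AttributeValue texts of the named attribute, as a consumer reads them."""
    root = ET.fromstring(statement_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == name:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values


def packed_values(statement_xml, name, sep=","):
    """Return values that look like several groups packed into one AttributeValue."""
    return [v for v in attribute_values(statement_xml, name) if sep in v]


if __name__ == "__main__":
    for label, xml in (("comma separated", COMMA_SEPARATED),
                       ("separate values", SEPARATE_VALUES)):
        vals = attribute_values(xml, "Groups")
        print(f"{label}: {len(vals)} group value(s) seen: {vals}")
        print(f"  packed values: {packed_values(xml, 'Groups')}")
```

In the comma-separated fragment a consumer that reads one group per `AttributeValue` sees a single value that is not the name of any one group.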
What is being sent in the SAML assertion ...