Oracle Access Manager (OAM) Federated Service As A Federation Proxy Sends "MULTIVALUEGROUPS" Response As A Single String Value (Doc ID 2890525.1)

Last updated on AUGUST 18, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager acting as an Identity Provider (IdP), posts all groups on one line in SAML Response to Service Provider(SP) instead of multiple lines when acting as a Federation Proxy.

**Background**
Using federation proxy
The Identity Provider (IdP) returns multi-valued groups to fed proxy
These groups are set in OAM session
The Service Provider (SP) attribute profile in Fed proxy sets the above saved session value in SAML response
As the session attribute is serialized as a string, the Fed proxy returns the attribute as a ':' delimited string.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Access Manager (OAM) Federated Service As A Federation Proxy Sends "MULTIVALUEGROUPS" Response As A Single String Value (Doc ID 2890525.1)

Applies to:

Symptoms

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!