Oracle Access Manager (OAM) Adaptive Authentication Rule for Memberof Transformation Fails For Some Users
(Doc ID 2892100.1)
Last updated on MAY 16, 2024
Applies to:
Oracle Access Manager - Version 12.2.1.4.210920 and later
Information in this document applies to any platform.
Symptoms
Adaptive Authentication Rule for Memberof Transformation Fails For Some Users
- Oracle Access Manager (OAM)
- Oracle Unified Directory (OUD) Proxy in front of OUD and 3 Active Directories (AD) domains.
- A memberof transformation rule is used to get the group membership in one attribute through the proxy.
- The following rule is used to exclude some users from 2FA: str(user.userMap['memberof']).lower().find('idmbypass2fa') <= 0 (if a user has the group idmbypass2fa, 2FA is not enforced; otherwise 2FA is requested).
- This works fine with some users but with others it doesn't.
- No difference in the user objects in LDAP.
- When the "memberof" attribute is output from a header in OAM, the "memberof" value is not complete for the users that do not work.
- From the OAM log ...
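The behaviour described in the symptoms above, as an added example that is not Oracle's code or part of the original document: it evaluates the rule exactly as written against a complete and an incomplete memberof value, and lists the memberships the rule never saw. The group DNs, the example.com domain, the list-of-strings shape of userMap['memberof'] and the helper names are assumptions made for illustration.

```python
# Added example; sample DNs and the list-of-strings shape of 'memberof' are constructed.
BYPASS_GROUP = "idmbypass2fa"  # group name taken from the rule on this page

def rule_requires_2fa(user_map):
    """Evaluate the page's rule as written; True means 2FA is asked for."""
    # find() returns -1 when the group is absent, so an incomplete value
    # that has lost the bypass group makes the rule enforce 2FA.
    return str(user_map["memberof"]).lower().find(BYPASS_GROUP) <= 0

def missing_groups(directory_dns, seen_dns):
    """Group DNs present in the directory but absent from what the rule saw."""
    seen = {dn.strip().lower() for dn in seen_dns}
    return [dn for dn in directory_dns if dn.strip().lower() not in seen]

# Constructed sample: memberships as stored in the directory.
DIRECTORY = [
    "CN=Staff,OU=Groups,DC=example,DC=com",
    "CN=VPN-Users,OU=Groups,DC=example,DC=com",
    "CN=IDMBypass2FA,OU=Groups,DC=example,DC=com",
]
# Constructed sample: what the rule receives for a working and a failing user.
WORKING_USER = {"memberof": list(DIRECTORY)}
FAILING_USER = {"memberof": DIRECTORY[:2]}  # value is not complete

def report(user_map):
    """Summarise the rule outcome and any memberships the rule never saw."""
    return {
        "requires_2fa": rule_requires_2fa(user_map),
        "missing": missing_groups(DIRECTORY, user_map["memberof"]),
    }

if __name__ == "__main__":
    for name, user in (("working", WORKING_USER), ("failing", FAILING_USER)):
        print(name, report(user))
```

Comparing the directory's group list with the value OAM actually exposes in the header separates a rule problem from an incomplete attribute value.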
Cause