Oracle Access Manager (OAM) Custom Response Headers Are Not Set for Second Application
(Doc ID 2925499.1)
Last updated on FEBRUARY 17, 2023
Applies to:Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
OAM custom response headers are only set for the application domain/agent profile against which the user logs into first and gets an OAM session created.
When users login to another application protected using a different application domain/agent profile on the same OAM instance in the same browser session/OAM session, OAM doesn't send/update the custom response headers configured for this application domain/agent profile.
It only has the custom headers set for the first application domain even though both profiles have unique header names and values.
Steps to Reproduce:
|1. Create an application domain "AppDomain1" with a protected resource policy and custom response header as below:
3. Login to Application protected using "AppDomain1" and check for the header "ATTRIBUTE1"
4. Open new tab in same browser and login to application protected using "AppDomain2" and check for the header "ATTRIBUTE2"
5. Notice that "ATTRIBUTE2" isn't set by OAM.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document