OIF Resources That are Protected by Webgate Do Not Properly Handle Encoding for URL Parameters

(Doc ID 453378.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Federation - Version: 7.0.4 to 10.1.4.0.1 - Release: to 10g
Information in this document applies to any platform.
***Checked for relevance on 31-May-2010***

Goal

This document addresses the problem where OIF (with WebGate) does not encode URL parameters. It also provides the steps to integrate OIF with WebGate.

Problem :
========
OIF does not URL-encode attributes sent in URLs, so "/" and other forbidden characters appear in the query string unencoded instead of as "%2B" etc.

Cause :
=======
In the customer's environment, the /fed/idp/samlv20 path is protected by WebGate. This URL should NOT be protected by WebGate. It is used for several profiles, including the logout profile, so forcing the user to be authenticated when accessing it will cause issues in some federation flows, especially when performing a logout operation.

The customer has configured this incorrectly. See the action plan below for the correct configuration.


Solution
