OIF Resources That are Protected by Webgate Do Not Properly Handle Encoding for URL Parameters
Last updated on MARCH 08, 2017
Applies to:COREid Federation - Version: 7.0.4 to 10.1.4.0.1 - Release: to 10g
Information in this document applies to any platform.
***Checked for relevance on 31-May-2010***
This document solves the problem where "OIF (with webgate) is not doing encoding for URL parameters". It also provides the steps on "How to integrate OIF with webgate."
OIF is not doing URL-encoding for attributes sent in URL's, so "/" and other forbidden characters are put into query string instead of "%2B" etc.
In customer's environment /fed/idp/samlv20 path is protected by WebGate. This URL should NOT be protected by WebGate. This URL location is used for several profiles, including the logout profile. So forcing the user to be authenticated when accessing the URL will cause issues when exercising some federation flows, especially when performing a logout operation.
Customer has configured this wrongly. See the action plan mentioned below for correct configuration.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms