Federating Two 10gAS SSO: SP Application Access Looping in Browser After IDP Login (Doc ID 467459.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version: 10.1.4.0.1 and later [Release: 10g and later]
Information in this document applies to any platform.
***Checked for relevance on 29-May-2010***

Symptoms

Two separate 10gAS SSO environments have been integrated with Federation, following the documentation: Oracle® Application Server Single Sign-On Administrator's Guide 10g (10.1.4.0.1), Chapter 13, Integrating with Oracle Identity Federation.

Steps taken:

One SSO configured as IDP and the other SSO as SP.
OIF configured to use the SAML 2.0 protocol in the circle of trust.
SSO configured on both IDP and SP for Federation integration.

Symptoms:

When accessing the application, after logging in to the IDP SSO, the redirect back to the application protected by the SP SSO goes into a loop.

The debug ssoServer.log output from the SP SSO shows the error 'osso_sassoTokenstring not found in request.' when authenticating.

Example ssoServer.log:

Wed Oct 31 17:53:05 CET 2007 [DEBUG] AJPRequestHandler-ApplicationServerThread-6 Calling Authentication method
Wed Oct 31 17:53:05 CET 2007 [INFO] AJPRequestHandler-ApplicationServerThread-6 osso_sassoTokenstring not found in request.
Wed Oct 31 17:53:05 CET 2007 [DEBUG] AJPRequestHandler-ApplicationServerThread-6 IPASInsufficientCredException caught in authenticate: auth_fail_exception
Wed Oct 31 17:53:05 CET 2007 [DEBUG] AJPRequestHandler-ApplicationServerThread-6 Rethrow exception
oracle.security.sso.ias904.toolkit.IPASInsufficientCredException: auth_fail_exception
at oracle.security.sso.server.auth.SASSOAuth.authenticate(SASSOAuth.java:99)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1012)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost (SSOLoginServlet.java:485)
at oracle.security.sso.server.ui.SSOLoginServlet.doGet(SSOLoginServlet.java:333)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:826)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:332)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
....
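
Added example (not part of the Oracle note): a Python check that scans an SP-side ssoServer.log for the signature shown above, the missing-token message followed on the same thread by IPASInsufficientCredException, and reports when it repeats often enough to indicate the redirect loop. The 60-second window, the threshold of 3 and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# ssoServer.log record: "Wed Oct 31 17:53:05 CET 2007 [INFO] <thread> <message>"
RECORD = re.compile(
    r"^\w{3} (?P<mon>\w{3}) (?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ "
    r"(?P<year>\d{4}) \[(?P<level>\w+)\] (?P<thread>\S+) (?P<msg>.*)$"
)
MISSING_TOKEN = "osso_sassoTokenstring not found in request."
AUTH_FAIL = "IPASInsufficientCredException"
THREAD = "AJPRequestHandler-ApplicationServerThread-6"

def parse(line):
    """Return (timestamp, thread, message), or None for stack frames and filler."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    stamp = "{mon} {day} {year} {time}".format(**m.groupdict())
    # The zone abbreviation (CET) is dropped; one log file uses a single zone.
    return datetime.strptime(stamp, "%b %d %Y %H:%M:%S"), m["thread"], m["msg"]

def find_failures(lines):
    """Timestamps where the missing-token message is followed, on the same
    thread, by the IPASInsufficientCredException debug record."""
    pending, failures = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, thread, msg = rec
        if MISSING_TOKEN in msg:
            pending[thread] = ts
        elif AUTH_FAIL in msg and thread in pending:
            failures.append(pending.pop(thread))
    return failures

def looks_like_loop(failures, window_s=60, threshold=3):
    """True when `threshold` failures fall inside any `window_s`-second span.
    Both defaults are assumptions; tune them to the site's traffic."""
    ts = sorted(failures)
    span = timedelta(seconds=window_s)
    return any(ts[i + threshold - 1] - ts[i] <= span
               for i in range(len(ts) - threshold + 1))

# Constructed sample in the format of the excerpt above: three passes of the loop.
SAMPLE = "\n".join(
    f"Wed Oct 31 17:53:0{sec} CET 2007 [{level}] {THREAD} {msg}"
    for sec in (5, 6, 7)
    for level, msg in (("INFO", MISSING_TOKEN),
                       ("DEBUG", AUTH_FAIL + " caught in authenticate: auth_fail_exception")))
```

Feed `find_failures` the lines of the real log (for example `open(path, errors="replace")`) and pass the result to `looks_like_loop`; a single isolated failure is not reported.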


Cause
