HTTP-503 Error with Oracle SSO Third Party Authentication Integration (Doc ID 746015.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 01-JAN-2016***

Symptoms

SSO documentation reference:

Oracle® Application Server Single Sign-On Administrator's Guide
Chapter 14 Integrating with Third-Party Access Management Systems

A custom authentication module in Oracle SSO has been implemented that reads 'data' headers containing the encrypted user token, etc. However, the headers cannot be found in the request.getSession() object in the custom login module so SSO authentication is failing with error HTTP-503 Service Unavailable.

Using an HTTP header tracing tool it is possible to verify that the 'data' headers are being set:

GET /senddata HTTP/1.1
Host: sso.infra.com:81
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 302 Redirect to Oracle SSO Server
Date: Fri, 26 Sep 2008 10:20:39 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Location: http://sso.infra.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~065CD155~ECFD5040819D72CF4DA405ECFC072EC3F9AB7D26B7A84D2B537D8CA3BE96D083411476ED34653D3C8276886813CD63D2FE3C2F11EFF65B27C810F3EABAB4176FB9FC9C39D43A92E7950B96A22B7A82B9B7B34662A5C3EE606D61A36FB15783D7374DB5204EE5D9D24B504DA86A11BC7155BACE93E628142F44D429C0A3FAA840DDCE3680F321BAE6DDCB2562DEC70DDADA62747F28251DD22C1779D70B630AAE4751AF0903B5A541BEEAD32B6F0EF1A5E1800DBFB95B24F4E356FD8E5550CE571FDE91C3332DBDE96A8055F5F86B7C4B31AF172012CA3265079D1DA5D918A919
Cache-Control: max-age=0, no-cache, no-store, private
Pragma: no-cache
Expires: 0
Content-Type: text/html; charset=ISO-8859-1
data1: fIMqLDuOSgc2DOD9KmMctUpLyYRkkOLR+V9cE6fhnkm7NW9zOwO1RKZQ+MW1vobEd/MGFWoYXtcayYS3vgJ2/lzXMEXGnMNlt6QaxqxIxPhx/h19fxJdiOtXGtMrNgajDozGVUV27k70ZFkXSDq+TLTswx5TI1PLuVMk8+M3AB0=
data2: jAxKmnU4HvVSiSVb6BkpqVXK+xQmUiDFwdPURb9SlgH6BVakQozzxOheJrNy2BvZ89WTJlxD3IRFViFCowEF+w/9w/xYRGnmrUNmr3EAp6en+DYE4FZYLxxxf+GfrkHBoQ816U4Yuo+Fg8Boj/7dPo8To5fFmKuG4LTbdiN80jE=
data3: 4zjDfbMWnyCdu4zy1hx/BupIOdjEOZ1J6Wfzzm/VjbNG5Tn0M/kWGJ2d5+u80P39ijKKfXpS86qK5nm7GeuI+oPt21TiL2K9eqgy6cQWdwTPzsD4UPHqpmgiPVG1SONcVfmzXR9o4U5ZmSQ0n0JL+O5qQ+Xx7DMKNdW5eVZNZbc=
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~065CD155~ECFD5040819D72CF4DA405ECFC072EC3F9AB7D26B7A84D2B537D8CA3BE96D083411476ED34653D3C8276886813CD63D2FE3C2F11EFF65B27C810F3EABAB4176FB9FC9C39D43A92E7950B96A22B7A82B9B7B34662A5C3EE606D61A36FB15783D7374DB5204EE5D9D24B504DA86A11BC7155BACE93E628142F44D429C0A3FAA840DDCE3680F321BAE6DDCB2562DEC70DDADA62747F28251DD22C1779D70B630AAE4751AF0903B5A541BEEAD32B6F0EF1A5E1800DBFB95B24F4E356FD8E5550CE571FDE91C3332DBDE96A8055F5F86B7C4B31AF172012CA3265079D1DA5D918A919 HTTP/1.1
Host: sso.infra.com:7777
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

HTTP/1.x 503 Service Unavailable
Server: squid/2.6.STABLE12
Date: Fri, 26 Sep 2008 10:21:05 GMT
Content-Type: text/html
Content-Length: 1228
Expires: Fri, 26 Sep 2008 10:21:05 GMT
X-Squid-Error: ERR_CONNECT_FAIL 113
X-Cache: MISS from cache1.infra.com
X-Cache-Lookup: MISS from cache1.infra.com:80
Via: 1.0 cache1.infra.com:80 (squid/2.6.STABLE12)
Proxy-Connection: close



For test purposes an external Apache HTTP server has been configured to proxy a request with additional header information (data1, data2, and data3) to the Oracle SSO server. The custom SSO login module will use these headers to extract the authenticated user information for SSO.

Apache proxy configuration:

<VirtualHost *:81>
ServerName sso.infra.com

Header set data1

"fIMqLDuOSgc2DOD9KmMctUpLyYRkkOLR+V9cE6fhnkm7NW9zOwO1RKZQ+MW1vobEd/MGFWoYXtcayYS3vgJ2/lzXMEXGnMNlt6Q
axqxIxPhx/h19fxJdiOtXGtMrNgajDozGVUV27k70ZFkXSDq+TLTswx5TI1PLuVMk8+M3AB0="

Header set data2

"jAxKmnU4HvVSiSVb6BkpqVXK+xQmUiDFwdPURb9SlgH6BVakQozzxOheJrNy2BvZ89WTJlxD3IRFViFCowEF+w/9w/xYRGnmrUN
mr3EAp6en+DYE4FZYLxxxf+GfrkHBoQ816U4Yuo+Fg8Boj/7dPo8To5fFmKuG4LTbdiN80jE="

Header set data3

"4zjDfbMWnyCdu4zy1hx/BupIOdjEOZ1J6Wfzzm/VjbNG5Tn0M/kWGJ2d5+u80P39ijKKfXpS86qK5nm7GeuI+oPt21TiL2K9eqg
y6cQWdwTPzsD4UPHqpmgiPVG1SONcVfmzXR9o4U5ZmSQ0n0JL+O5qQ+Xx7DMKNdW5eVZNZbc="

ProxyPass /senddata http://sso.infra.com:7777/sso/pages/home.jsp

</VirtualHost>



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms