OAM 10g: Webgate - Authenticated but Unauthorized User is Returned Http Code 302 Instead of 404

(Doc ID 760844.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

COREid Access - Version: and later   [Release: 10g and later ]
Information in this document applies to any platform.


When an authenticated, but unauthorized user attempts to access a resource protected with a form-based authentication scheme the user is directed to a page with HTTP 302. With Oracle Access Manager (OAM) version 7.0.4 a HTTP 403 or HTTP 404 was returned. As the Google search engine treats a HTTP-302, redirection as a success it returns unothorised URLs to user


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms