OAM CHAINED AUTHENTICATION RETURNS INCORRECT USER DN AND OBSSOCOOKIE (Doc ID 967349.1)

Last updated on JUNE 07, 2017

Applies to:

COREid Access - Version: 10.1.4.0.1 to 10.1.4.2 - Release: 10g to 10g
Information in this document applies to any platform.

Symptoms

Chained authentication in OAM is configured as follows -

Step 1:
cred_map against Active Directory.
validate_password

Step 2:
cred_map against Sunone Iplanet.
validate_password

The same userid exists in both the stores, but the passwords are different.
Eg. AD: user555 / myadpassword
sun1: user555 / mysunpassword

What is seen: When users login using the sun1 credentials, it authenticates the user and generates a obSSOCookie; however, the obSSOCookie is with respect to the AD user DN, although the authentication to AD failed.

Changes

This problem only appears to occur when there are custom authentication plugins defined in the chained authentication scheme.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms