
Cannot login to OCC Store with SSO. Access Denied. (Doc ID 2485524.1)

Last updated on MAY 16, 2024

Applies to:

Oracle Commerce Cloud Service - Version 21.1.1 and later
Information in this document applies to any platform.


Attempting to sign in to the storefront with SSO returns a 403 response, and the page shows "Access to <productionURL> is denied". The browser's network tab also shows that the request to https://<productionURL>/<site_context>/SAML/post returns a 403.



Tried following the instructions outlined in -AND- including 

  1. Enabled SSO via PUT /ccadmin/v1/merchant/samlSettings
  2. Separately for each site, downloaded the service provider entity descriptor via GET /ccstore/v1/merchant/samlSettings (note: set the X-CCSITE header parameter to retrieve each site's descriptor)
  3. Verified that the entityID in spEntityDescriptor points to https://<productionURL> (or https://<productionURL>/<site_context>) (note: repeated this step for each site)
  4. Within spEntityDescriptor, verified that AssertionConsumerService -> Location points to https://<productionURL>/SAML/post (or https://<productionURL>/<site_context>/SAML/post) (note: repeated this step for each site)
  5. Saved the value of spEntityDescriptor from GET /ccstore/v1/merchant/samlSettings as a standalone document (note: repeated this step for each site)
  6. Updated the Identity Provider with the 'signing' and 'encryption' X509 certificates from the spEntityDescriptor (note: repeated this step for each site)
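
The checks in steps 3, 4 and 6 can be scripted per site. The following is an added example, not Oracle's code: it assumes the saved spEntityDescriptor is plain SAML 2.0 metadata XML (already decoded if the API returned it encoded), and the function name `check_descriptor`, the hostname `store.example.com`, the site context `siteb` and the certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # input is your own descriptor; use defusedxml for untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hostname, site context and certificate text are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://store.example.com/siteb">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-ENCRYPTION-CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://store.example.com/SAML/post"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_descriptor(xml_text, production_url, site_context=""):
    """Return a list of mismatches against the URLs expected for one site."""
    expected = production_url.rstrip("/")
    if site_context:
        expected += "/" + site_context.strip("/")
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id.rstrip("/") != expected:
        problems.append(f"entityID {entity_id!r} != {expected!r}")
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", NS)]
    if expected + "/SAML/post" not in acs:
        problems.append(f"no AssertionConsumerService at {expected}/SAML/post (found {acs})")
    uses = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        cert = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).strip()
        if cert:
            # A KeyDescriptor without 'use' serves both purposes (SAML metadata).
            uses |= {kd.get("use")} if kd.get("use") else {"signing", "encryption"}
    problems += [f"no {u} certificate" for u in ("signing", "encryption") if u not in uses]
    return problems


if __name__ == "__main__":
    for p in check_descriptor(SAMPLE, "https://store.example.com", "siteb"):
        print("MISMATCH:", p)
```

Run it once per saved descriptor, passing the site context used for that site's X-CCSITE request; an empty list means the descriptor matches the expected entityID and /SAML/post location and carries both certificates.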


