iSupplier User Gets "Unexpected URL Parameters Have Been Detected And Will Be Ignored" at Login Prompt and wrong cancelUrl value

(Doc ID 2031280.1)

Last updated on OCTOBER 04, 2017

Applies to:

Oracle iSupplier Portal - Version 12.1.3 and later
Information in this document applies to any platform.

Symptoms

When attempting to respond to notification for supplier user registration the following error occurs and the

ERROR

Unexpected URL parameters have been detected and will be ignored

DEBUG LOG

The Debug Log shows error exception - SecurityException: Invalid parameter cancelUrl - in the sso code call

Log messages from SSO code

...
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].NOICX_Sign 2 END-> No
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].secureParse 1 REJECTED cancelUrl=http://internal.domain/OA_HTML/AppsLogin
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].secureParse 2 END with errors
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].verifySecurity 4 "java.lang.SecurityException: Invalid parameter cancelUrl
at oracle.apps.fnd.sso.SecureHttpRequest.secureParse(SecureHttpRequest.java:1289)
at oracle.apps.fnd.sso.SecureHttpRequest.(SecureHttpRequest.java:1211)
...
fnd.sso.SecureHttpRequest.getParameter 2 cancelUrl=
fnd.sso.SecureHttpRequest.getParameter 2 errCode=FND_SSO_PHISH_ERROR
...

 

STEPS TO REPRODUCE

The issue can be reproduced at will with the following steps:
1. Receive notification.
2. Click on '"Please click here to Respond".

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms