iSupplier User Gets "Unexpected URL Parameters Have Been Detected And Will Be Ignored" at Login Prompt and wrong cancelUrl value

(Doc ID 2031280.1)

Last updated on OCTOBER 04, 2017

Applies to:

Oracle iSupplier Portal - Version 12.1.3 and later
Information in this document applies to any platform.


When attempting to respond to notification for supplier user registration the following error occurs and the


Unexpected URL parameters have been detected and will be ignored


The Debug Log shows error exception - SecurityException: Invalid parameter cancelUrl - in the sso code call

Log messages from SSO code

fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].NOICX_Sign 2 END-> No
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].secureParse 1 REJECTED cancelUrl=http://internal.domain/OA_HTML/AppsLogin
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].secureParse 2 END with errors
fnd.sso.SecureHttpRequest[$Revision: 120.10.12010000.11 $].verifySecurity 4 "java.lang.SecurityException: Invalid parameter cancelUrl
at oracle.apps.fnd.sso.SecureHttpRequest.secureParse(
at oracle.apps.fnd.sso.SecureHttpRequest.(
fnd.sso.SecureHttpRequest.getParameter 2 cancelUrl=
fnd.sso.SecureHttpRequest.getParameter 2 errCode=FND_SSO_PHISH_ERROR



The issue can be reproduced at will with the following steps:
1. Receive notification.
2. Click on '"Please click here to Respond".




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms