My Oracle Support Banner

E-Mail links and logins see Unexpected URL parameters and FND_SSO_PHISH_ERROR (Doc ID 552125.1)

Last updated on JUNE 01, 2024

Applies to:

Oracle E-Business Suite Technology Stack - Version to 12.1.3 [Release 11.5.10 to 12.1]
Information in this document applies to any platform.


Various products such as Oracle Workflow and Oracle iLearning generate hyperlinks embedded within e-mails with hypertext such as "Please Click Here to Respond". Clicking "Please Click Here to Respond" sends a user to a login screen which may have the following error message:

The login screen is expected, but the error message is not and the parameters that would guide the user directly to the notification page are therefore lost. This generally results in the user being left at the responsibility navigator screen as with a normal login. At that point, the user can still navigate to their worklist to view the notification, but they should have been taken directly to the notification details. 

The second aspect of the problem is that after the user successfully logs in to the E-Business suite they can click on the hyperlink again and be taken directly to the notification details screen without any error message.  Also, if the user had previously logged in to the E-Business suite and still has a valid session, they will not have to login again and will also be taken directly to the notification details screen without any error message.

The underlying problem causing the unexpected URL parameters to be ignored is an FND_SSO_PHISH_ERROR which can be seen embedded in the login screen's URL such as in the following example (parsed for neatness):

Troubleshooting Steps

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Troubleshooting Steps
 How to Trace This Type of Problem
 How to Analyze the Traces Generated
 Example 1 - The CancelURL is REJECTED in a DMZ Environment
 Example 2 - The requestURL is REJECTED in an environment with an SSL Accelerator
 Example 3 - The cancelURL is REJECTED in an environment using the default HTTP/HTTPS ports of 80 and 443 
 Example 4 - RequestURL Rejected When The Server Has a Virtual Name

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.