OAM 11g : Authorization headers are not passed to downstream applications

Readers,

Just another post on OAM 11g issue that I have recently seen. OAM version could be 11g R1 or later. It is common practice for OAM to pass headers to downstream applications for userid or any other user/session attributes for SSO to work.

Recently while working on EBS 12.2 and OAM PS3 SSO integration, I have tested OOTB OHS cgi script printenv for printing headers just to ensure that userid, guid are passed along. I found that OAM headers set in Authorization Response are not passed and therefore not printed on printenv script output.

I later came to know that it is OAM-OIM integrated environment thus SSOOnlyMode flag is set to true in oam-config.xml which will disable authorization module execution. Here is the simple fix.

  • Shutdown all OAM weblogic servers including Admin server.
  • Backup oam-config.xml
  • Edit oam-config.xml for SSOOnlyMode to set to false and increment Version. Save the changes.
  • Start the weblogic servers.

That’s it for today !

 

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

1 comments
Joshua says December 1, 2016

Thanks for the post; I’ve got a related question; is there a way to:
1. log the user-info as part of Apache request logging
2. retrieve the user-info from OAM response header within the down-stream tornado-web-application.
Ref: http://stackoverflow.com/questions/40786673/oam-11g-apache-2-4-webgate-how-to-retrieve-logged-in-user-info

Reply
Add Your Reply