OAM 11g : Authorization headers are not passed to downstream applications

Readers,

Just another post on OAM 11g issue that I have recently seen. OAM version could be 11g R1 or later. It is common practice for OAM to pass headers to downstream applications for userid or any other user/session attributes for SSO to work.

Recently while working on EBS 12.2 and OAM PS3 SSO integration, I have tested OOTB OHS cgi script printenv for printing headers just to ensure that userid, guid are passed along. I found that OAM headers set in Authorization Response are not passed and therefore not printed on printenv script output.

I later came to know that it is OAM-OIM integrated environment thus SSOOnlyMode flag is set to true in oam-config.xml which will disable authorization module execution. Here is the simple fix.

  • Shutdown all OAM weblogic servers including Admin server.
  • Backup oam-config.xml
  • Edit oam-config.xml for SSOOnlyMode to set to false and increment Version. Save the changes.
  • Start the weblogic servers.

That’s it for today !

 

Comments are closed.

Scroll to Top