OAM 11g: Authorization headers are not passed to downstream applications

Readers,

Just another post on an OAM 11g issue that I have recently seen. The OAM version could be 11g R1 or later. It is common practice for OAM to pass headers carrying the user ID or other user/session attributes to downstream applications for SSO to work.

Recently, while working on an EBS 12.2 and OAM PS3 SSO integration, I tested the OOTB OHS CGI script printenv to print the headers, just to ensure that userid and guid are passed along. I found that the OAM headers set in the Authorization Response are not passed and therefore are not printed in the printenv script output.

I later came to know that it is an OAM-OIM integrated environment, thus the SSOOnlyMode flag is set to true in oam-config.xml, which disables authorization module execution. Here is the simple fix.

  • Shut down all OAM WebLogic servers, including the Admin server.
  • Back up oam-config.xml.
  • Edit oam-config.xml to set SSOOnlyMode to false and increment Version. Save the changes.
  • Start the WebLogic servers.
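The edit from the third step can be scripted so that the backup, the SSOOnlyMode flip and the Version increment always happen together. This is an added example, not code from the original post or from Oracle; it assumes oam-config.xml stores each value as a `<Setting Name="..." Type="...">value</Setting>` element, and the function names, script name and sample input are hypothetical.

```python
import re
import shutil
import sys
import time
from pathlib import Path

# Assumption (the post does not show the file): each value in oam-config.xml
# is a <Setting Name="..." Type="...">value</Setting> element.
def _setting(name):
    return re.compile(
        r'(<Setting\s+Name="%s"\s+Type="[^"]*"\s*>)\s*([^<]*?)\s*(</Setting>)' % name)

SSO_ONLY = _setting("SSOOnlyMode")
VERSION = _setting("Version")

# Constructed sample input, not taken from a real deployment.
SAMPLE = ('<Setting Name="Version" Type="xsd:integer">41</Setting>\n'
          '<Setting Name="SSOOnlyMode" Type="xsd:boolean">true</Setting>\n')

def enable_authorization(xml_text):
    """Return (new_text, changed) with SSOOnlyMode=false and Version + 1."""
    sso = SSO_ONLY.findall(xml_text)
    ver = VERSION.findall(xml_text)
    # Refuse to guess when the file does not match the assumed layout.
    if len(sso) != 1 or len(ver) != 1:
        raise ValueError("expected exactly one SSOOnlyMode and one Version setting")
    if sso[0][1].lower() == "false":
        return xml_text, False  # already false: leave Version untouched
    new_version = int(ver[0][1]) + 1
    text = SSO_ONLY.sub(r"\g<1>false\g<3>", xml_text)
    text = VERSION.sub(r"\g<1>%d\g<3>" % new_version, text)
    return text, True

def patch_file(path):
    """Back up the file, then apply the edit; run it with all servers stopped."""
    path = Path(path)
    original = path.read_text(encoding="utf-8")
    updated, changed = enable_authorization(original)
    if changed:
        backup = path.with_name(path.name + time.strftime(".%Y%m%d%H%M%S.bak"))
        shutil.copy2(path, backup)
        path.write_text(updated, encoding="utf-8")
    return changed

if __name__ == "__main__":
    # Usage: python fix_sso_only_mode.py <path to oam-config.xml>
    print("updated" if patch_file(sys.argv[1]) else "no change needed")
```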

That’s it for today!

 

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com

Joshua says December 1, 2016

Thanks for the post; I’ve got a related question; is there a way to:
1. log the user-info as part of Apache request logging
2. retrieve the user-info from OAM response header within the down-stream tornado-web-application.
Ref: http://stackoverflow.com/questions/40786673/oam-11g-apache-2-4-webgate-how-to-retrieve-logged-in-user-info
