Monday, October 19, 2015

Double login prompt for /oamconsole login page

ISSUE: 



We have performed the OAM to OID integration, but while accessing the /oamconsole page, we are getting two login prompts.

Double login prompt for /oamconsole access.

1) OAM SSO screen: enter oamadmin/password (the oamadmin user is in OID).
2) OAM login is successful, but then the oamconsole Oracle Access Manager login page (the default page) is displayed. Enter oamadmin/password again.
3) The OAM Administration Console application is displayed.


CAUSE: 

 

In Security Realms->myrealms->Providers, the providers were listed in the following order, with their control flags:

DefaultAuthenticator (REQUIRED)
IAMSuiteAgent
OIDAuthenticator (SUFFICIENT)
DefaultIdentityAsserter

SOLUTION:


Step 1) Log in to the WebLogic Admin Console
http://Hostname:Port/console 

Step 2) Click on Security Realms->myrealms->Providers

Step 3) Click on DefaultAuthenticator(WLS DefaultAuthenticator) 

Step 4) Change Control Flag to “SUFFICIENT” from “REQUIRED”

Step 5) Restart the Admin and OAM Servers

More on Control Flag:

REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers. 

REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED). 

SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers. 

OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
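
The flag rules above can be checked against the two authenticators from this page with a small simulation. This is an added example, not code from the original post or from Oracle; it assumes oamadmin exists only in OID, uses a hypothetical embedded-LDAP-only account named weblogic, and follows the standard JAAS rule that a SUFFICIENT success ends the chain only when no earlier REQUIRED provider has failed.

```python
# Added example: simulates how JAAS control flags combine across the
# authentication providers listed on this page. Identity asserters
# (IAMSuiteAgent, DefaultIdentityAsserter) carry no control flag and are omitted.

def evaluate_chain(chain, user, stores):
    """chain: list of (provider, flag); stores: provider -> set of users that
    pass that provider's authentication test (password checks are abstracted).
    Returns (authenticated, providers_called)."""
    called = []
    must_pass_ok = True    # every REQUIRED/REQUISITE provider so far passed
    has_must_pass = False  # chain contains a REQUIRED/REQUISITE provider
    any_passed = False     # some SUFFICIENT/OPTIONAL provider passed
    for provider, flag in chain:
        called.append(provider)
        passed = user in stores[provider]
        if flag in ("REQUIRED", "REQUISITE"):
            has_must_pass = True
            if not passed:
                must_pass_ok = False
                if flag == "REQUISITE":
                    break  # a REQUISITE failure ends the chain immediately
        else:
            any_passed = any_passed or passed
            if flag == "SUFFICIENT" and passed and must_pass_ok:
                return True, called  # no subsequent providers are executed
    if not must_pass_ok:
        return False, called
    # With no REQUIRED/REQUISITE provider, at least one other must pass.
    return (True if has_must_pass else any_passed), called

# Constructed sample data. Assumption: oamadmin exists only in OID, and
# "weblogic" is a hypothetical account that exists only in the embedded LDAP.
STORES = {
    "DefaultAuthenticator": {"weblogic"},
    "OIDAuthenticator": {"oamadmin"},
}
BEFORE = [("DefaultAuthenticator", "REQUIRED"), ("OIDAuthenticator", "SUFFICIENT")]
AFTER = [("DefaultAuthenticator", "SUFFICIENT"), ("OIDAuthenticator", "SUFFICIENT")]

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        for user in ("oamadmin", "weblogic", "nobody"):
            ok, called = evaluate_chain(chain, user, STORES)
            print(f"{label:6} {user:9} authenticated={ok} called={called}")
```

With both providers set to SUFFICIENT, an account that authenticates against the embedded LDAP never reaches OID, so any local accounts left there need the same password and lockout policy as the directory accounts.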

Ref : 1355902.1
