OIM - Redirection URL in an Authentication Rule Action must not contain "?"?

Hello,
we run OAM to secure some APEX-Application. For one or two reasons we have to use a redirection URL to forward to the application after successful authentication with Form-Based-Authentication. This works wonderfully with "normal" HTML-Pages. But as soon as there is a parameter to be delivered, the Parameter Redirection URL isn't interpreted correctly anymore.
An Example:
Redirection URL: https://test.net/test/index.htm
works wonderfully, after authentication user is forwarded to the specified URL.
Redirection URL: https://test.net/pls/htmldb/f?p=300
does not work, after authentication user is forwarded to https://test.net/pls/htmldb/f. Everything after the "?" (within ?) is being cut off.
Is it possible to enter a URL for redirection with parameter identifiers like "?" ?
Regards
Hans

Already found a solution,
when entering only /pls/htmldb/f?p=300 it works...
strange..

Similar Messages

  • Form Based Authentication Redirect URL

    I'm using form based authentication in standalone OC4J 10.1.3.1. I have set the system property oc4j.formauth.redirect to true to force OC4J to redirect using 302 any successful authentication to j_security_check.
    The problem is that the redirect URL loses any query parameters. Here's the raw HTTP being posted:
    POST http://localhost:8988/manage/j_security_check HTTP/1.1
    Host: mvakoc-pc.peoplesoft.com:8099
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://mvakoc-pc.peoplesoft.com:8099/manage/target?instanceName=denlcmlx1_entserver_1&targetType=entserver
    Cookie: JSESSIONID=0a8b7ff6231c049914997fdb4ebb93b4854b0956862b; SignOnDefault=18438; e1AppState=
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 62
    X-Forwarded-For: 10.139.127.246
    j_username=username&j_password=password&url=%2Fmanage%2Fhome
    However the response back drops off the query parameters:
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 05 Jan 2007 21:59:22 GMT
    Server: Oracle Containers for J2EE
    Content-Length: 231
    Connection: Keep-Alive
    Keep-Alive: timeout=15, max=100
    Location: http://mvakoc-pc.peoplesoft.com:8099/manage/target
    <HTML><HEAD><TITLE>Redirect to http://mvakoc-pc.peoplesoft.com:8099/manage/target</TITLE></HEAD><BODY>http://mvakoc-pc.peoplesoft.com:8099/manage/target</BODY></HTML>
    Any workaround?

    It does not appear to be quite the same issue. That bug indicates that everything works fine in a standalone OC4J environment. This would be true with the use case specified as the original URL (/em/console/ias) does not include any query parameters. In my case the original URL contains query parameters so the ultimate redirected URL should also contain those.
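A small check for the symptom reported in the two threads above (a post-authentication redirect whose query string is cut off at the "?"), added here as an example and not taken from either poster or from Oracle. The function names are hypothetical, the sample messages are abridged from the capture in the post, and treating the `Referer` of the `j_security_check` POST as the originally requested URL is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Abridged from the capture quoted in the post above.
REQUEST = """\
POST http://localhost:8988/manage/j_security_check HTTP/1.1
Host: mvakoc-pc.peoplesoft.com:8099
Referer: http://mvakoc-pc.peoplesoft.com:8099/manage/target?instanceName=denlcmlx1_entserver_1&targetType=entserver
Content-Type: application/x-www-form-urlencoded

j_username=username&j_password=password&url=%2Fmanage%2Fhome
"""

RESPONSE = """\
HTTP/1.1 302 Moved Temporarily
Server: Oracle Containers for J2EE
Location: http://mvakoc-pc.peoplesoft.com:8099/manage/target

"""

HEADER_NAME = re.compile(r"^[A-Za-z0-9-]+$")


def parse_headers(raw):
    """Map lower-cased header names to values; stop at the blank line before the body."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request/status line
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep and HEADER_NAME.match(name.strip()):
            headers[name.strip().lower()] = value.strip()
    return headers


def compare_redirect(expected_url, location):
    """Report what the redirect target lost relative to the expected URL."""
    exp, got = urlsplit(expected_url), urlsplit(location)
    exp_q = parse_qsl(exp.query, keep_blank_values=True)
    got_q = parse_qsl(got.query, keep_blank_values=True)
    return {
        "same_origin": (exp.scheme, exp.netloc) == (got.scheme, got.netloc),
        "same_path": exp.path == got.path,
        "dropped_params": [k for k, v in exp_q if (k, v) not in got_q],
    }


def check_login_redirect(request_raw, response_raw):
    """Compare the login POST's Referer (assumed original URL) with the 302 Location."""
    referer = parse_headers(request_raw).get("referer")
    location = parse_headers(response_raw).get("location")
    if referer is None or location is None:
        raise ValueError("need a Referer in the request and a Location in the response")
    return compare_redirect(referer, location)


if __name__ == "__main__":
    print(check_login_redirect(REQUEST, RESPONSE))
    # The OAM case from the first thread: configured URL vs. where the user landed.
    print(compare_redirect("https://test.net/pls/htmldb/f?p=300",
                           "https://test.net/pls/htmldb/f"))
```
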

  • Redirect to custom url after successful authentication by OAM

    Hello,
    I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2).
    The requirement in my case is depending upon the user type and the region(one of the user's ldap attributes) it belongs to, it should be redirected to one of the 2 available applications.
    I have tried implementing the same using custom authentication plugin in which I have used RedirectionActionContext class.
    I have also tried setting plugin response as REDIRECT and specifying the custom page url.
    I have also tried changing the "resource_url" parameter in authentication context.
    However, none of above approaches are working.
    Can anybody help me?
    Thanks,
    Purva

    Hello,
    I have exactly the same requirement. Have you solved the problem?
    Thanks,
    Purva

  • ISE 1.2 CWA Redirect URL

    Hi,
    Just wondered was there any way to manipulate what webauth URL is sent to a client in the redirect string. Currently my ISE sends clients the internal machine name, I was wondering if there was any way I can change this.
    I know on local webauth on the WLC you can set external URLs, does this feature exist in the ISE?
    TIA
    -G
    Sent from Cisco Technical Support iPad App

    Users Are Not Appropriately Redirected to URL
    Symptoms or Issue
    Administrator receives one or more "Bad URL" error messages from Cisco ISE.
    Conditions
    This scenario applies to 802.1X authentication as well as guest access sessions.
    Click the magnifying glass icon in Authentications to launch the Authentication Details. The authentication report should have the redirect URL in the RADIUS response section as well as the session event section (which displays the switch syslog messages).
    Possible Causes
    Redirection URL is entered incorrectly with invalid syntax or a missing path component.
    Resolution
    Verify that the redirection URL specified in Cisco ISE via Cisco-av pair "URL Redirect" is correct per the following options:
    • CWA Redirection URL: https://ip:8443/guestportal/gateway?sessionId=SessionIdValue&action=cwa
    • 802.1X Redirection URL: url-redirect=https://ip:8443/guestportal/gateway?sessionId=SessionIdValue&action=cpp

  • Authorization Failure Redirect URL in OAM

    Hi,
    From OAM policies I want to redirect a user to an Authorization Failure page by configuring a redirect URL for Authorization Failure. But the user is always redirected to the OAM operation error page (with an error message that URL .. has been denied for the user) in case of Authorization Failure. How to redirect the user to my AuthFail.html page? I am able to redirect the user to the AuthenticationFailure page in case of authentication failure, but not able to redirect in case of authorization failure. How to achieve this?
    Thanks & Regards,
    Srikanth

    Hi,
    I am new to OAM and facing the same error in Authz Rule. Did your issue get resolved?
    When I tested the URL with access tester for authz failure scenario, I got Authorized Inconclusive.
    I do understand if I mention the AuthFail.html in the redirection URL Authz Inconclusive, the user would be able to see the appropriate error page. But I wanted to understand the reason for authz getting into inconclusive condition. Can someone provide me clarity on this?
    Thanks!

  • Set Redirection URL in Authorization

    I have written a custom Authorization Plug-In which at the end, either return authorization denied or successful.
    I was wondering how can I set a redirection URL when I return Authorization failed?
    Basically I want to return the user to the login form if they are not Authorized. I can't simply set it in the Authorization Failure Rule in the policy because it doesn't seem to work when I execute my own plugin.
    Any ideas?
    Thanks,
    Raj

    Are you not getting the authorization failure back to your policy, or it's not redirecting? When you set the authorization denied in the plugin and return, the authorization rule that called the plugin will fire the failure part of the rule. But this won't redirect back to the login page because the login page will think the user is already authenticated (because of a valid obssocookie). You can try redirecting to another accessdenied page.
    Thanks
    Ram

  • OAM : Multi-valued attribute in Authorization Rule Actions

    Our application is protected by an Oracle Access Manager deployment, where the identity user base is based in an Oracle Internet Directory.
    In the OID, for every user entry, we have a multi valued attribute (say, 'roleattr') which contains the roles recognized in our application. Once the user is authenticated by the Access Server, we need the roles associated to him to be fetched and returned in the page header (similar to uid).
    Hence, our question is, in PolicyManager, by setting the Authorization Rule > Actions, is it possible to retrieve this attribute (which is 'multivalued') and populated into the pageHeader, so that our application can retrieve the same.

    Sure, you'll get a colon-delimited list of the multiple values in your header!
    -Vinod

  • Getting Warning about Redirection url

    Hi,
    we have the portal application running on WebLogic 11g and upon login, the home page of our app is loaded, but I do see the following warning message in the portal server logs. Any idea how we can suppress this warning?
    <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is https://<servername>.arccorp.com:443/PortalApp/ARCGateway.portal?_nfpb=true&amp;_st=&amp;_pageLabel=ARC_Home&amp;_nfls=false
    Thanks
    sravi

    Hi Sravi,
    I am not sure if this is your situation or not, but hopefully it could be helpful for you.
    It is not supported for a remote pageflow portlet (WSRP producer) to redirect from its pageflow begin or refresh action. Because of this limitation, WebLogic Portal logs a warning when any portlet's pageflow attempts to redirect from either of these two actions.
    It is legal to redirect from these actions if the portlet is not a WSRP producer. If this is the case, Oracle has added a utility method that can be called prior to the redirect which can suppress these warning messages:
    - Class: com.bea.netuix.servlets.controls.content.PageflowLoggingHelper
    - Method: public static void dontLogRedirectWarning(HttpServletRequest req)
    Calling this method from the pageflow's begin or refresh action prior to the redirect will suppress the Netuix redirect warnings.
    Thanks,
    Cris

  • Multiple redirect URLs for multiple guest VLANs

    We are trying to implement 2 guest WLANs tunneled to our DMZ and want to redirect users to 2 different URLs (one for each WLAN) when they click the "Accept" button. We are running 6.0.182 on the DMZ controllers and have a customized web passthrough page currently working for the 1st WLAN.
    It appears that only 1 redirect URL can be configured via the command line (config custom-web redirectUrl), and we haven't had much luck modifying the web page for the 2nd WLAN to redirect correctly. Is this supported? Thanks

    Since you are on version 6, the config guide mentions the following in Chapter 10 (and talks about how to do a "global override" per WLAN):
    Assigning Login, Login Failure, and Logout Pages per WLAN
    You can display different web authentication login, login failure, and logout pages to users per WLAN.
    This feature enables user-specific web authentication pages to be displayed for a variety of network
    users, such as guest users or employees within different departments of an organization.
    Different login pages are available for all web authentication types (internal, external, and customized).
    However, different login failure and logout pages can be specified only when you choose customized as
    the web authentication type.

  • WebAuth Redirect URL Duplication

    Hello
    I have WLC2106 with sw 4.2.205.0 and have enabled webauth, such that any users first attempt to connect to the internet will be intercepted as expected.
    This works fine if going direct to a link with NO proxy, and it works fine if adding ":8080" to the end of the url as well.
    I have the following problem though if I specify a proxy server in my IE settings (IE7).
    I go to open a web page
    http://192.168.1.1
    get redirected to
    https://10.1.1.1 of the WLC, correctly so, however, the actual URL appears like this:
    https://10.1.1.1/login.html?redirect=192.168.1.1http://192.168.1.1
    so, once authenticated, which works fine, the redirect will try to pass the user to the website
    http://192.168.1.1http//192.168.1.1   (note the obvious duplicate in the address, but also the missing : in the second url)
    This does not happen when the proxy server setting is turned off and I have put the WLC virtual address in the proxy bypass list.
    I have also tried both with and without an address in the "Redirect URL after Login" text box.
    Has anyone experienced this, or, does anyone have any idea what it might be?
    Thanks in advance
    Anthony

    So the portal works, but the user goes to their page on their iPhone. Have you tried to add the redirect in the HTML code instead? I have not had problems the way you have it set up on the WLC. On the iPhone are you using the browser to log in or are you joining the SSID and letting the iPhone pop up the login?
    Thanks,
    Scott Fella
    Sent from my iPhone

  • Ignoring request not on consumer URL or redirect URL

    Hello,
    I have configured SAML for SSO for the destination site and it works fine for the page configured as Source Site Redirect URI. Attempt to access any other resource in the web application gives an error as : SAMLServletAuthenticationFilter: Ignoring request not on consumer URL or redirect URL.
    Relevant entries in web.xml and weblogic.xml are as below.
    Thanks for your time and help.
    Hiren
    web.xml
    <login-config>
              <auth-method>CLIENT-CERT</auth-method>
         </login-config>
    <!-- SAML SSO Start -->
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>Advisor</web-resource-name>
                   <description>These pages are only accessible by authorized users.</description>
    <url-pattern>*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                   <description>These are the roles who have access.</description>
                   <role-name>ssorole</role-name>
              </auth-constraint>
         </security-constraint>
         <security-role>
              <description>These are the roles who have access.</description>
              <role-name>ssorole</role-name>
         </security-role>
    weblogic.xml
    <?xml version='1.0' encoding='UTF-8'?>
    <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <security-role-assignment>
              <role-name>ssorole</role-name>     
              <externally-defined/>
         </security-role-assignment>
         <context-root>Advisor</context-root>
    </weblogic-web-app>

    Hi David,
    I am currently not passing any group information in the SAML Assertion. I haven't tried SAML 2. I found this in one of the FAQs for UCM SSO 'only SAML v1.1 based SSO solution is certified to work with UCM 11.1.1.4'. Using SAML v1.1 if you want to use the groups information you have to configure the 'Enable Virtual users' option in the SAML Destination Site. Also, you need to configure the SAML Authentication Provider along with the SAML Identity Assertion Provider.
    Section 5.7 in the below link will give you some information about it.
    http://docs.oracle.com/cd/E14571_01/web.1111/e13707.pdf
    HTH,
    Shyam

  • Sample Rule Action Script.scpt crashes mail app sometimes

    Hi, I know next to nothing about applescript, but today came across a post which seemed like it could be solved with a little rule triggered AppleScript action. So I ...
    1. dug up the 'Sample Rule Action Script.scpt', and copied it into ~/Library/Scripts/Applications/Mail/
    2. created a rule which applied to all email messages and triggered the script
    3. selected a message, and hit cmd option L to apply rules to the selection
    and up popped an alert panel. (expected behavior) But only the first time and only on one of my two machines. On the other Mail.app crashed. (unexpected behavior)
    But then I found I couldn't reliably run it repeatedly on the first machine after all. So I repaired permissions. Now I get the crashing behavior reliably.
    Any ideas what I'm doing wrong? The script is the one everyone should have under:
    /Library/Scripts/Mail Scripts/Rule Actions/Sample Rule Action Script.scpt

    Hello Camelot. I hope this is not too far afield in this thread but it's as close as I can find in the current discussion topics. I've been attempting to write a script to filter flagged messages from the old messages (> 6 days old) I want to delete. I use the rule to send it to my script as you discuss. My script doesn't function but when I replace it with the Sample Rule Script, things run like a charm. (Although the text that Craig cites doesn't run.) My question is what's wrong with my script that it is not triggered. It is as follows, it is compiled, and I added a sound command to try and debug it. It didn't work.
    using terms from application "Mail"
    on perform mail action with messages theMessages
    tell application "Mail"
    play sound ..........+These 2 lines added in an attempt to ascertain if the messages where even passing+
    "Basso" ..................+through the script. No sound resulted; syntax?+
    set theflaggedstatus to flagged status of eachMessage
    if flagged status is false then
    delete message
    end if
    end tell
    end perform mail action with messages
    end using terms from
    The result is no result, nothing, nada. The old messages stay in the mailbox whether they are flagged or not. I inserted a standard change color of message rule above and below the "run Applescript" rule command and the messages are colored as they should be but the Applescript is not functioning. My script, at this point, seems overly complex for what it is, but it is the result of numerous attempts to get it working. I have a number of similar scripts written with basically the same consequence.
    If this post is outside the thread here, my apologies, if it is maybe you can redirect my inquiries. thanks tT

  • How do I make a Mail Rule action bounce a message

    Is there a way to have a Mail Rule action bounce a message?
    Thank you in advance.
    Jeff

    paste the following into Applescript Editor and save it as a script
    using terms from application "Mail"
        on perform mail action with messages selectedMsgs
            repeat with msg in selectedMsgs
                tell application "Mail"
                    bounce msg
                end tell
            end repeat
        end perform mail action with messages
    end using terms from
    then have your Mail rule execute this script.

  • Child actions are not allowed to perform redirect actions. partial view

    I'm using ASP .NET MVC 5
    I'm trying to use Create view with the index view to show the created item in the same page. For that I'm using _CreateCategory as the partial view and I added following to the index view
    @{Html.RenderAction("Create", Model);}
    My controller's get and post methods as follows for the Create
    [HttpGet]
    public ActionResult Create()
    {
        return PartialView("_CreateCategory", new Inventory.Models.Category());
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create([Bind(Include="Id,Description")] Category category)
    {
        if (ModelState.IsValid)
        {
            db.Categories.Add(category);
            db.SaveChanges();
            return RedirectToAction("Index");
        }
        return PartialView(category);
    }
    My index method as follows
    public ActionResult Index()
    {
        return View(db.Categories.ToList());
    }
    I didn't do any changes to the partial view. I'm getting the error "child actions are not allowed to perform redirect action". I tried many ways to overcome this. But no luck yet.

    Please post ASP.NET questions in the ASP.NET forums:
    http://forums.asp.net
    The MVC forum is here: http://forums.asp.net/1146.aspx/1?MVC

  • GRC 10 - SSO via Portal - how to redirect url in notification variables

    Dears,
    I am in the process of designing our GRC 10 machine to be accessed via SSO in the Enterprise Portal. Yet I cannot find any info on what will happen with the URLs that are placed by ARM MSMP workflow in the variables of notifications/approvals.
    I typically would (as in 5.3) expect a redirect URL to be made available as an option.
    As an example: the Firefighter Log notification standard holds a variable pointing the URL to :
    http://GRC10server:GRC10port/sap/bc/webdynpro/sap/grac_ui_spm_log_email?sap-client=001&sap-language=EN&WF_ID=53FB8FEAC9E260D6E10000000AF90C44&APP_TYPE=1
    Yet now with SSO via the portal we also want this URL to go via the portal instead of directly to the GRC machine. How can we achieve that?
    Is there a configuration way to have GRC10server:GRC10port adjusted to the portal address..
    (mind that the WF_ID segment in this url is dynamically generated, so directly squeezing in a static portal url is not an option)
    Cheers,
    Jim

    Hi Neeraj,
    Thx for your reaction. This unfortunately will not do the job as pasting the URL in the notification template will make it static. The problem is that the URL inserted by default is a dynamically created one which holds a variable pointer to a workflow object id.
    Now I am researching if a custom-built portal redirect application will do the job. But there must be others having the same problem if you want the GRC iview in the portal to be the 'one-stop-shop' for your GRC users...
    Cheers,
    Jim
