We need help. Our primary challenge in migrating from OIF 11g R1 to OAM 12c involves the management of session attributes. In OIF 11g R1, we could dynamically select and store session attributes using customizable filtering tools, which supported authorization decisions across external applications. This flexibility allowed the user’s session to function as an adaptable attribute store.
However, OAM 12c introduces a significant change: session stores are now database-driven, and Oracle has imposed a hard cap of 40 session attributes that can be passed to downstream applications. This limitation is akin to Oracle enforcing a 'LIMIT 0,40' clause on SQL queries, applied before any filtering conditions. It restricts attribute selection to whatever fits within this limit, severely reducing the flexibility of our applications in making authorization decisions. The inability to control attribute pre-selection beyond this cap is highly problematic.
We have explored various Oracle-recommended solutions, but none have adequately addressed the constraint of processing only 40 attributes at a time, which is insufficient for our operational needs during SSO.
This issue requires immediate technical intervention to prevent significant impacts on client operations and future adoptions. One potential solution could involve enabling a configuration parameter allowing for a customizable limit, such as 'LIMIT 0,n', where 'n' is defined by the customer based on their specific needs. This would not grant unlimited attributes (which is not our requirement) but would allow for the necessary flexibility in attribute management during SSO. Additionally, since we run OAM on-premise, we can conduct thorough testing for resource requirements and performance impacts.
For the long term, considering a redesign may be necessary, especially as products are phased out and discontinued. Such redesigns should be planned strategically during migrations between different platforms to ensure continuity and efficiency. For now, we need to know if anyone can help us.