Skip to Main Content

Identity & Platform

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Data Filtering Limit Challenges in Migrating Session Attributes from OIF 11g R1 to OAM 12c

Joseph-OHJul 8 2024

We need help. Our primary challenge in migrating from OIF 11g R1 to OAM 12c involves the management of session attributes. In OIF 11g R1, we could dynamically select and store session attributes using customizable filtering tools, which supported authorization decisions across external applications. This flexibility allowed the user’s session to function as an adaptable attribute store.

However, OAM 12c introduces a significant change: session stores are now database-driven, and Oracle has imposed a hard cap of 40 session attributes that can be passed to downstream applications. This limitation is akin to Oracle enforcing a 'LIMIT 0,40' clause on SQL queries, applied before any filtering conditions. It restricts attribute selection to whatever fits within this limit, severely reducing the flexibility of our applications in making authorization decisions. The inability to control attribute pre-selection beyond this cap is highly problematic.

We have explored various Oracle-recommended solutions, but none have adequately addressed the constraint of processing only 40 attributes at a time, which is insufficient for our operational needs during SSO.

This issue requires immediate technical intervention to prevent significant impacts on client operations and future adoptions. One potential solution could involve enabling a configuration parameter allowing for a customizable limit, such as 'LIMIT 0,n', where 'n' is defined by the customer based on their specific needs. This would not grant unlimited attributes (which is not our requirement) but would allow for the necessary flexibility in attribute management during SSO. Additionally, since we run OAM on-premise, we can conduct thorough testing for resource requirements and performance impacts.

For the long term, considering a redesign may be necessary, especially as products are phased out and discontinued. Such redesigns should be planned strategically during migrations between different platforms to ensure continuity and efficiency. For now, we need to know if anyone can help us.

Comments

chonewell Nov 12 2024

My Oracle Cloud tenant, cloud account, and secure email have no issues. Why haven't I received my password reset email for Oracle Cloud? This is very strange, and our attempts have not been able to solve the problem. May I ask who I should turn to for help?

L. Fernigrini Nov 12 2024

If your account is a paid one, open a Support ticket.

If it is a Free Tier then you will have to rely on help from the community. Most probable cause that you did not receive the password reset email is that your account has been stolen and the email has been changed.

chonewell Nov 13 2024

Thank you for your reply!
But when I chatted with the online customer service, they told me that my Oracle Cloud tenant, account, and email were all fine. So, there shouldn't be a problem of theft.
I have a free account, but who can I contact on the forum? I can only post, but no one on the forum can view my account permissions, right. I am currently trying to reset MFA, I don't know if it works.
It's quite ridiculous that I have a free account and can't enjoy any services, but how can I become a paid user if I can't log in to my account.

1 - 3

Post Details

Added on Jul 8 2024
0 comments
121 views