Error: “URL Security cannot be asserted.” returned from login step in correlated Oracle Applications R12 script

Error: "URL Security cannot be asserted." returned from login step in correlated Oracle Applications R12 script

The default correlation performed by VuGen may not select the correct value for the "oas" parameter and consequently the login step fails during replay. The recommended correlation to perform is detailed herein.

Problem

Having correlated a Web Protocol script recorded against an Oracle Applications R12 application, the login step continues to fail and the following message:

URL Security cannot be asserted. The given URL has either expired or has been tampered with. Please contact your System Administrator for help.

is displayed in the page returned by the server.

Cause

This message indicates that a correlated value in the URL sent to the server during script replay is not correct. This is due to an incorrect correlation.

Typically the login step is performed by a "POST" action such as:

web_submit_data("OA.jsp",

"Action=http://frsdev.moe.gov.sa:8000/OA_HTML/OA.jsp?page=/oracle/apps/fnd/sso/login/webui/MainLoginPG&_ri=0&_ti={WCSParam1}&language_code=US&requestUrl=&oapc=2&oas={WCSParam2}..",

"Method=POST",

.

.

LAST);

If an incorrect correlation of the value of the "oas" parameter is performed, this login step will fail.

Fix

Typically there may be several different values for the "oas" parameter present in data returned by the server to the client during recording of the business process. The value that is required for this parameter for the login step is returned by the server within the following content:

Action.c(nnn): ethod="POST" action="/OA_HTML/OA.jsp?page=/oracle/apps/fnd/sso/login/webui/MainLoginPG&_ri

Action.c(nnn): =0&_ti=1963387896&language_code=US&requestUrl=&oapc=2&oas=_puaepcRLdyxa9Nwu4WQqw.."><input

and therefore the correlation statement that is required should be similar to:

web_reg_save_param("WCSParam2",

"LB/IC=language_code=US&requestUrl=&oapc=2&oas=",

"RB/IC=..\"",

"Ord=1",

"Search=body",

"RelFrameId=1",

LAST);

Advertisements

One thought on “Error: “URL Security cannot be asserted.” returned from login step in correlated Oracle Applications R12 script

  1. makani

    I was happy to find this article, as this is similar to the issue I am experiencing. Currently I have logged in and am trying to make a change to a page and submit it…the issue im having is it appears that the “Referer” header also contains the OAS from the OA.jsp_2 web submit call in the previous step, however on play back for some reason this Referer header is NOT being passed in. I look at the replay log and dont see the referer passed in. Do you have any suggestions?
    thank you!

    web_submit_data(“OA.jsp_3”,
    “Action=http://rc-lx309.ut.dentegra.lab:8039/OA_HTML/OA.jsp?_rc=PAY_W4_UPDATE_SS_TOP&_ri=801&OAFunc=PAY_W4INFO_SS&_ti={PAY_W4INFO}&retainAM=Y&addBreadCrumb=N&oapc=9&oas={securityGroup21}..”,
    “Method=POST”,
    “TargetFrame=”,
    “RecContentType=text/html”,
    “Referer=http://rc-lx309.ut.dentegra.lab:8039/OA_HTML/OA.jsp?_rc=PAY_W4_OVERVIEW_SS_TOP&_ri=801&OAFunc=PAY_W4INFO_SS&_ti={PAY_W4INFO2}..”,
    “Snapshot=t5.inf”,
    “Mode=HTML”,
    ITEMDATA,
    “Name=_AM_TX_ID_FIELD”, “Value={securityGroup3}”, ENDITEM,
    “Name=_FORM”, “Value={securityGroup4}”, ENDITEM,
    “Name=PayW4FilingStatusRg”, “Value={securityGroup22}”, ENDITEM,
    “Name=PayAllowances”, “Value=7”, ENDITEM,
    “Name=PayAdditionalAmount”, “Value=0.00”, ENDITEM,
    “Name=PayAgreementFlag”, “Value=on”, ENDITEM,
    “Name=HrCancelButton$$unvalidated”, “Value={securityGroup23}”, ENDITEM,
    “Name=HrCancelButton$$serverUnvalidated”, “Value={securityGroup24}”, ENDITEM,
    “Name=HrCancelButton$$processFormDataCalled”, “Value={securityGroup25}”, ENDITEM,
    “Name=HrNextButton$$unvalidated”, “Value={securityGroup26}”, ENDITEM,
    “Name=HrNextButton$$serverUnvalidated”, “Value={securityGroup27}”, ENDITEM,
    “Name=HrNextButton$$processFormDataCalled”, “Value={securityGroup28}”, ENDITEM,
    “Name=_wfActivityId”, “Value={securityGroup29}”, ENDITEM,
    “Name=FORM_MAC_LIST”, “Value=HrCancelButton$$serverUnvalidated^_FORM_SUBMIT_BUTTON^HrNextButton$$unvalidated^evtSrcRowId^_AM_TX_ID_FIELD^evtSrcRowIdx^_wfActivityId^HrCancelButton$$processFormDataCalled^HrCancelButton$$unvalidated^_FORM^HrNextButton$$serverUnvalidated^HrNextButton$$processFormDataCalled^PayW4FilingStatusRg^serverValidate^_FORMEVENT***@@@FORM_MAC_LIST***@@@event^PayExempt^PayAdditionalAmount^PayAgreementFlag^PayLastNameDiff^PayAllowances^FORM_MAC_LIST{securityGroup30}..”, ENDITEM,
    “Name=uri”, “Value=”, ENDITEM,
    “Name=event”, “Value=”, ENDITEM,
    “Name=_FORMEVENT”, “Value=”, ENDITEM,
    “Name=serverValidate”, “Value=”, ENDITEM,
    “Name=evtSrcRowIdx”, “Value=”, ENDITEM,
    “Name=evtSrcRowId”, “Value=”, ENDITEM,
    “Name=_FORM_SUBMIT_BUTTON”, “Value=HrNextButton{securityGroup31}”, ENDITEM,
    “Name=source”, “Value=”, ENDITEM,
    LAST);

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s