My Oracle Support Banner

HTTP-500 Internal Server Error When User Session Expires In Client Certificate Authenticated Environment (Doc ID 1051283.1)

Last updated on FEBRUARY 03, 2019

Applies to:

COREid Access - Version: to - Release: 10g to
Information in this document applies to any platform.


HTTP-500 Internal Server Error occurs when accessing a resource protected by an Oracle Access Manager (OAM) Client Certificate X509 authentication scheme with an expired OAM session / ObSSOCookie. The ObSSOCookie is reset with value "loggedoutcontinue".

The problem occurs when either of WebGate configuration settings "Maximum user session time" and "Idle Session Time" are exceeded.

The problem reproduces with both Microsoft Internet Explorer (IE) and Firefox.

Steps To Reproduce

1. Configure an OAM Policy Domain protecting a resource e.g. with an OAM X509 (Client Certificate) authentication scheme.
2. In the WebGate configuration settings, set Maximum User Session Time and/or Idle Session Time to be 1 minute.
3. Start a new browser on the client with a valid client certificate and access Access will be successful. The user may be prompted to choose a certificate to use to access the site, depending on browser configuration.
4. Wait for longer than 1 minute, then in the same browser session reload/refresh page
5. HTTP-500 Internal Server Error is displayed.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.