HTTP-500 Internal Server Error When User Session Expires In Client Certificate Authenticated Environment (Doc ID 1051283.1)

Last updated on JUNE 07, 2017

Applies to:

COREid Access - Version: 10.1.4.0.1 to 10.1.4.3.0 - Release: 10g to
Information in this document applies to any platform.

Symptoms

HTTP-500 Internal Server Error occurs when accessing a resource protected by an Oracle Access Manager (OAM) Client Certificate X509 authentication scheme with an expired OAM session / ObSSOCookie. The ObSSOCookie is reset with value "loggedoutcontinue".

The problem occurs when either of the WebGate configuration settings "Maximum user session time" or "Idle Session Time" is exceeded.

The problem reproduces with both Microsoft Internet Explorer (IE) and Firefox.

Steps To Reproduce

1. Configure an OAM Policy Domain protecting a resource e.g. https://securesite.oracle.com/home.html with an OAM X509 (Client Certificate) authentication scheme.
2. In the WebGate configuration settings, set Maximum User Session Time and/or Idle Session Time to be 1 minute.
3. Start a new browser on the client with a valid client certificate and access https://securesite.oracle.com/home.html. Access will be successful. The user may be prompted to choose a certificate to use to access the site, depending on browser configuration.
4. Wait for longer than 1 minute, then in the same browser session reload/refresh the page https://securesite.oracle.com/home.html.
5. HTTP-500 Internal Server Error is displayed.
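
Steps 3 to 5 can be scripted with curl so the check is repeatable after a configuration change or patch. This is an added example, not Oracle code: the certificate and key paths, the 70-second wait and the function names are assumptions, and the URL is the one from step 1.

```shell
#!/usr/bin/env bash
# Added example, not Oracle code. URL is the one from step 1; the certificate
# and key paths and the 70-second wait are assumptions for a 1-minute timeout.
URL="${URL:-https://securesite.oracle.com/home.html}"
CERT="${CERT:-client.pem}"   # hypothetical client certificate path
KEY="${KEY:-client.key}"     # hypothetical private key path

# Print the ObSSOCookie value stored in a Netscape-format curl cookie jar.
obsso_value() {
  awk -F'\t' '$6 == "ObSSOCookie" { v = $7 } END { print v }' "$1"
}

# Decide whether a reload matches the symptom: HTTP 500 and the cookie
# reset to "loggedoutcontinue". Args: status code, cookie jar path.
matches_symptom() {
  [ "$1" = "500" ] && [ "$(obsso_value "$2")" = "loggedoutcontinue" ]
}

# Request the page with the client certificate, updating the jar; print status.
fetch() {
  curl -s -o /dev/null -w '%{http_code}' --cert "$CERT" --key "$KEY" \
       -b "$1" -c "$1" "$URL"
}

reproduce() {
  local jar first second
  jar="$(mktemp)"
  first="$(fetch "$jar")"            # step 3: initial access
  echo "first request: HTTP $first"
  sleep "${WAIT:-70}"                # step 4: let the session time out
  second="$(fetch "$jar")"           # step 4: reload with the same cookies
  echo "reload: HTTP $second, ObSSOCookie=$(obsso_value "$jar")"
  if matches_symptom "$second" "$jar"; then
    echo "symptom reproduced"
  else
    echo "symptom not reproduced"
  fi
  rm -f "$jar"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then reproduce; fi
```

Run it with `--run` as its first argument; without that argument it only defines the functions.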


Cause
