HTTP-500 Internal Server Error When User Session Expires In Client Certificate Authenticated Environment
(Doc ID 1051283.1)
Last updated on FEBRUARY 03, 2019
Applies to:COREid Access - Version: 10.1.4.0.1 to 10.1.4.3.0 - Release: 10g to
Information in this document applies to any platform.
The problem occurs when either of WebGate configuration settings "Maximum user session time" and "Idle Session Time" are exceeded.
The problem reproduces with both Microsoft Internet Explorer (IE) and Firefox.
Steps To Reproduce
1. Configure an OAM Policy Domain protecting a resource e.g. https://securesite.oracle.com/home.html with an OAM X509 (Client Certificate) authentication scheme.
2. In the WebGate configuration settings, set Maximum User Session Time and/or Idle Session Time to be 1 minute.
3. Start a new browser on the client with a valid client certificate and access https://securesite.oracle.com/home.html. Access will be successful. The user may be prompted to choose a certificate to use to access the site, depending on browser configuration.
4. Wait for longer than 1 minute, then in the same browser session reload/refresh page https://securesite.oracle.com/home.html
5. HTTP-500 Internal Server Error is displayed.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document