HTTP-500 Internal Server Error When User Session Expires In Client Certificate Authenticated Environment
Last updated on JUNE 07, 2017
Applies to: COREid Access - Version: 10.1.4.0.1 to 10.1.4.3.0 - Release: 10g to
Information in this document applies to any platform.
The problem occurs when either of the WebGate configuration settings "Maximum user session time" or "Idle Session Time" is exceeded.
The problem reproduces with both Microsoft Internet Explorer (IE) and Firefox.
Steps To Reproduce
1. Configure an OAM Policy Domain protecting a resource, e.g. https://securesite.oracle.com/home.html, with an OAM X509 (Client Certificate) authentication scheme.
2. In the WebGate configuration settings, set Maximum User Session Time and/or Idle Session Time to 1 minute.
3. Start a new browser on the client with a valid client certificate and access https://securesite.oracle.com/home.html. Access will be successful. The user may be prompted to choose a certificate to use to access the site, depending on browser configuration.
4. Wait for longer than 1 minute, then in the same browser session reload/refresh the page https://securesite.oracle.com/home.html.
5. HTTP-500 Internal Server Error is displayed.