Error After OAM Idle Session Timeout: "The login form .... defined for form authentication itself requires form authentication."
Last updated on MARCH 08, 2017
Applies to:COREid Access - Version: 10.1.4.3.0
Information in this document applies to any platform.
An application has been integrated with Oracle Access Manager (OAM) 10.1.4.x for authentication, using a form-based login page.
If a user logs into the application then leaves the session idle for the OAM WebGate Idle Session Timeout period, any action to access the links or items on page thereafter takes the user to an error page similar to the following:
Oracle Access Manager Operation Error.
The login form /public/login.jsp defined for form authentication itself requires form authentication. It should be unprotected.
But the the form login page is definitely accessible without requiring login first. It is protected by an OAM anonymous access policy.
The problem only reproduces after Idle Session Timeout.
Steps to reproduce
1. Access the application at https://app.oracle.com/pages/
2. The OAM form login page is displayed at https://app.oracle.co/public/login.jsp
3. Submit valid OAM credentials.
4. The application pages are displayed.
5. Leave the browser session untouched for the period configured for "Idle Session Time (seconds)" in the WebGate, then access any OAM-protected link in the application.
6. An error is displayed: "Oracle Access Manager Operation Error. The login form /public/login.jsp defined for form authentication itself requires form authentication. It should be unprotected."
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms