Error After OAM Idle Session Timeout: "The login form .... defined for form authentication itself requires form authentication." (Doc ID 1405746.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4.3.0 and later   [Release: No Release Description and later ]
Information in this document applies to any platform.

Symptoms


An application has been integrated with Oracle Access Manager (OAM) 10.1.4.x for authentication, using a form-based login page.

If a user logs into the application then leaves the session idle for the OAM WebGate Idle Session Timeout period, any action to access the links or items on page thereafter takes the user to an error page similar to the following:

Oracle Access Manager Operation Error.

The login form /public/login.jsp defined for form authentication itself requires form authentication. It should be unprotected.


But the the form login page is definitely accessible without requiring login first. It is protected by an OAM anonymous access policy.

The problem only reproduces after Idle Session Timeout.

Steps to reproduce

1. Access the application at https://app.oracle.com/pages/
2. The OAM form login page is displayed at https://app.oracle.co/public/login.jsp
3. Submit valid OAM credentials.
4. The application pages are displayed.
5. Leave the browser session untouched for the period configured for "Idle Session Time (seconds)" in the WebGate, then access any OAM-protected link in the application.
6. An error is displayed: "Oracle Access Manager Operation Error. The login form /public/login.jsp defined for form authentication itself requires form authentication. It should be unprotected."



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms