After OAM Login the Authenticated User Session / HTTP Header Variables Set By OAM Are Sometimes Changed to Anonymous (Public) Session / OblixAnonymous
Last updated on MARCH 08, 2017
Applies to:COREid Access - Version 10.1.4.3.0 and later
Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
After successful Oracle Access Manager (OAM) login, randomly the user's session becomes anonymous (public) again and OAM resets the HTTP Header Variables / Responses to OblixAnonymous user values instead of the values for the logged-in user.
This is causing problems for the application(s) which reference these HTTP Header variables.
The application WebGate is installed on an Apache-based webserver.
1. Access a site / application which allows both anonymous (public) and authenticated access. Do not login. The resources are protected by an anonymous authentication scheme in OAM so there is no prompt to login.
2. Navigate around the site, adding things to your basket.
3. Click a checkout link: this resource is protected by a form authentication scheme in OAM so there is a prompt to login.
4. Submit valid credentials: you are logged in successfully and your username is displayed at the top of the application page.
5. Instead of checking out, return to the application to view some more pages.
6. At some point your username is no longer displayed at the top of the page and when Checkout is clicked you are prompted to login again.
The application log shows that the user session details change from OblixAnonymous to authenticated user back to OblixAnonymous.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms