After OAM Login the Authenticated User Session / HTTP Header Variables Set By OAM Are Sometimes Changed to Anonymous (Public) Session / OblixAnonymous
(Doc ID 1459181.1)
Last updated on NOVEMBER 01, 2019
Applies to:COREid Access - Version 10.1.4.3.0 and later
Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note
After successful Oracle Access Manager (OAM) login, randomly the user's session becomes anonymous (public) again and OAM resets the HTTP Header Variables / Responses to OblixAnonymous user values instead of the values for the logged-in user.
This is causing problems for the application(s) which reference these HTTP Header variables.
The application WebGate is installed on an Apache-based webserver.
1. Access a site / application which allows both anonymous (public) and authenticated access. Do not login. The resources are protected by an anonymous authentication scheme in OAM so there is no prompt to login.
2. Navigate around the site, adding things to your basket.
3. Click a checkout link: this resource is protected by a form authentication scheme in OAM so there is a prompt to login.
4. Submit valid credentials: you are logged in successfully and your username is displayed at the top of the application page.
5. Instead of checking out, return to the application to view some more pages.
6. At some point your username is no longer displayed at the top of the page and when Checkout is clicked you are prompted to login again.
The application log shows that the user session details change from OblixAnonymous to authenticated user back to OblixAnonymous.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!