Single Site SSO Not Functioning With OAM 11g R2 MultiDataCenter Mode (Doc ID 1504641.1)

Last updated on MAY 24, 2022

Applies to:

Goal

When a user authenticates to "Site1" of a MultiDataCenter cluster to a domain, the Version5 OAM_ID cookie cannot be used to validate the session Since it can not validate the Version 5 OAM_ID, a new ObSSOToken is not set.

Use Case:

========

When MDC is Disabled:
1.) OAM_ID token reverts back to V4, with no DC affinity
2.) When I go to a protected resource, authenticate, get my
ObSSOCookie...Then I delete my cookie and hit refresh, I am granted another
ObSSOCookie.

When MDC is enabled:
1.) OAM_ID token goes to V5
2.) When I delete ObSSOToken and hit a resource, I expect the ECC redetect my
OAM_ID - instead, it is unable to determine my origin, therefore fails
Validity Check. And I do not get reissued a token from my same site.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.