Single Site SSO Not Functioning With OAM 11g R2 MultiDataCenter Mode

(Doc ID 1504641.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Goal

When a user authenticates to "Site1" of a MultiDataCenter cluster to a domain, the Version5 OAM_ID cookie cannot be used to validate the session Since it can not validate the Version 5 OAM_ID, a new ObSSOToken is not set.

Use Case:

========


When MDC is Disabled:
1.) OAM_ID token reverts back to V4, with no DC affinity
2.) When I go to a protected resource, authenticate, get my
ObSSOCookie...Then I delete my cookie and hit refresh, I am granted another
ObSSOCookie.

When MDC is enabled:
1.) OAM_ID token goes to V5
2.) When I delete ObSSOToken and hit a resource, I expect the ECC redetect my
OAM_ID - instead, it is unable to determine my origin, therefore fails
Validity Check. And I do not get reissued a token from my same site.

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms