OAM Unexpectedly Redirects An Authenticated User To The Login Page Under Load Conditions (Doc ID 1562540.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Symptoms

During performance testing or times of high load users will sometimes be redirected to the login page, even though the user already has a valid login cookie (OAMAuthnCookie). Subsequent requests are not redirected to the login page, so the cookie is still valid.

The setup is an authentication scheme with Detached Credential Collector and an OAM Authentication Plugin.

Products:
* Oracle Identity and Access Management 11g (11.1.2.0.0)
* Oracle Access Manager WebGates 11.1.2.0.0
* Oracle Fusion Middleware Web Tier Utilities 11g Patch Set 5 (11.1.1.6.0)

Steps to reproduce

1. Use OAM to protect a simple web application which has 3-4 static html pages.
2. Using a suitable load test tool, create a test that attempts to access Page 1, which is then redirected to the login page. Submit valid credentials so that an OAMAuthnCookie is created, and then verify that you are forwarded to Page 1. Access Page 2 and Page 3, and then log out.
3. Use the test above and run it one time to make sure the test is successful.
4. Run a load test with 20 simultaneous users. For some of these users, access for Page 2 or Page 3 will sometimes be redirected to the login page, which is not expected behaviour.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms