OAM Unexpectedly Redirects An Authenticated User To The Login Page Under Load Conditions
Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
During performance testing or times of high load users will sometimes be redirected to the login page, even though the user already has a valid login cookie (OAMAuthnCookie). Subsequent requests are not redirected to the login page, so the cookie is still valid.
The setup is an authentication scheme with Detached Credential Collector and an OAM Authentication Plugin.
* Oracle Identity and Access Management 11g (22.214.171.124.0)
* Oracle Access Manager WebGates 126.96.36.199.0
* Oracle Fusion Middleware Web Tier Utilities 11g Patch Set 5 (188.8.131.52.0)
Steps to reproduce
1. Use OAM to protect a simple web application which has 3-4 static html pages.
2. Using a suitable load test tool, create a test that attempts to access Page 1, which is then redirected to the login page. Submit valid credentials so that an OAMAuthnCookie is created, and then verify that you are forwarded to Page 1. Access Page 2 and Page 3, and then log out.
3. Use the test above and run it one time to make sure the test is successful.
4. Run a load test with 20 simultaneous users. For some of these users, access for Page 2 or Page 3 will sometimes be redirected to the login page, which is not expected behaviour.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms