My Oracle Support Banner

OAM 11g: Login With OSSO Agent With GITO Enabled Fails: OHS Log Shows "Failed To Decrypt GTO Cookie Value" (Doc ID 1568860.1)

Last updated on FEBRUARY 03, 2022

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


Oracle Access Manager (OAM) 11g SSO login using an OSSO Agent is failing after Global Inactivity Timeout (GITO) is configured.

When a mod_osso protected resource is accessed, the user is redirected to the OAM SSO login page as expected.

However when the user submits valid credentials, the login page is re-displayed with blank username and password fields.

The HTTP header trace shows that the OAM_ID (OAM SSO cookie) , OHS-ID (mod_osso cookie) and OSSO_USER_CXT (GITO cookie) are set during after the credentials are submitted. But the login page is then re-displayed.

In the Oracle HTTP Server (OHS) log the following warning is written:


Steps to reproduce

1. Access the mod_osso protected resource in the browser.
2. The OAM SSO login page is displayed.
3. Submit valid credentials.
4. The OSSO login page is re-displayed with blank username and password fields.





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.