OAM 11g: Login With OSSO Agent With GITO Enabled Fails: OHS Log Shows "Failed To Decrypt GTO Cookie Value"
(Doc ID 1568860.1)
Last updated on OCTOBER 29, 2019
Applies to:Oracle Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Oracle Access Manager (OAM) 11g SSO login using an OSSO Agent is failing after Global Inactivity Timeout (GITO) is configured.
When a mod_osso protected resource is accessed, the user is redirected to the OAM SSO login page as expected.
However when the user submits valid credentials, the login page is re-displayed with blank username and password fields.
The HTTP header trace shows that the OAM_ID (OAM SSO cookie) , OHS-ID (mod_osso cookie) and OSSO_USER_CXT (GITO cookie) are set during after the credentials are submitted. But the login page is then re-displayed.
In the Oracle HTTP Server (OHS) log the following warning is written:
Steps to reproduce
1. Access the mod_osso protected resource in the browser.
2. The OAM SSO login page is displayed.
3. Submit valid credentials.
4. The OSSO login page is re-displayed with blank username and password fields.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document