OAM 11g: Login With OSSO Agent With GITO Enabled Fails: OHS Log Shows "Failed To Decrypt GTO Cookie Value"

(Doc ID 1568860.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager (OAM) 11g SSO login using an OSSO Agent is failing after Global Inactivity Timeout (GITO) is configured.

When a mod_osso protected resource is accessed, the user is redirected to the OAM SSO login page as expected.

However when the user submits valid credentials, the login page is re-displayed with blank username and password fields.

The HTTP header trace shows that the OAM_ID (OAM SSO cookie) , OHS-ID (mod_osso cookie) and OSSO_USER_CXT (GITO cookie) are set during after the credentials are submitted. But the login page is then re-displayed.


In the Oracle HTTP Server (OHS) log the following warning is written:

 


Steps to reproduce

1. Access the mod_osso protected resource in the browser.
2. The OAM SSO login page is displayed.
3. Submit valid credentials.
4. The OSSO login page is re-displayed with blank username and password fields.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms