Last updated on MAY 02, 2017
Applies to:Oracle Access Manager - Version 18.104.22.168.3 and later
Information in this document applies to any platform.
(1) In a clustered OAM environment, a server-side authentication is performed (unsolicited login) via asdk. The auth token is stored in a DB.
(2) At a later stage, when the customer accesses the application via the browser, the authentication token is retrieved and injected as an "ObSSOCookie" in the response. The customer is then granted access to protected resource.
(3) Now, if the request lands on the server other than the one rejected by OAM if the request lands on the server in the cluster other than the one that created the token thus producing the decryption error.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms