OAM Multi-Data Center Failback Issues

(Doc ID 1963793.1)

Last updated on JULY 06, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.1 and later
Information in this document applies to any platform.

Symptoms

Changes

I am attempting to set up and configure MDC for 2 OAM DCs.

I have been successful in getting the initial failover from DC1 to DC2 to happen without reauthentication. This is the test I ran to do this:

1. Both DCs are up and running with one OAM server on each side.
2. Access a protected resource that has a 10g WebGate.
  a. The WebGate has a primary access server of OAM DC1
  b. The WebGate has a secondary access server of OAM DC2
3. Cert is chosen and I am successfully authenticated to the resource via OAM DC1.
4. I see a new session generated only on OAM DC1.
5. Shutdown OAM DC1.
6. Access same protected resource again.
7. No cert is prompted and I am able to see a new session generated on OAM DC2.
8. Start OAM DC1 back up.
9. Access same protected resource again.
10. A cert is prompted and I am forced to re-authenticate to OAM DC1.

During steps 9 and 10 when the WebGate fails back to OAM DC1 I should not have to re-authenticate. OAM DC1 should read the ObSSOCookie and OAM_ID to validate that these sites are MDC together. Why am I forced to re-authenticate in this situation? Are there any settings I may be missing that would cause this?

Below is my configuration in the oam-config.xml:

   <Setting Name="DataCenterConfiguration" Type="htf:map">
     <Setting Name="MultiDataCenterEnabled" Type="xsd:boolean">true</Setting>
     <Setting Name="SessionControls" Type="htf:map">
       <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
       <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">false</Setting>
       <Setting Name="Reauthenticate" Type="xsd:boolean">false</Setting>
       <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">true</Setting>
       <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
         <Setting Name="max_retry_attempts" Type="xsd:integer">3</Setting>
         <Setting Name="max_conn_wait_time" Type="xsd:integer">10000</Setting>
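
One way to check whether the `DataCenterConfiguration` settings listed above match on both data centers is to flatten each copy and diff them. This is an added example, not part of the Oracle document: the XML is a constructed sample that closes the fragment shown above, the DC2 value that differs is made up for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the page, closed so that it parses.
TEMPLATE = """<Setting Name="DataCenterConfiguration" Type="htf:map">
  <Setting Name="MultiDataCenterEnabled" Type="xsd:boolean">true</Setting>
  <Setting Name="SessionControls" Type="htf:map">
    <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
    <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">false</Setting>
    <Setting Name="Reauthenticate" Type="xsd:boolean">{reauth}</Setting>
    <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">true</Setting>
    <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
      <Setting Name="max_retry_attempts" Type="xsd:integer">3</Setting>
      <Setting Name="max_conn_wait_time" Type="xsd:integer">10000</Setting>
    </Setting>
  </Setting>
</Setting>"""
DC1_XML = TEMPLATE.format(reauth="false")  # values as posted on the page
DC2_XML = TEMPLATE.format(reauth="true")   # constructed difference for the demo

def _local(tag):
    """Drop any XML namespace so the code works with or without a default xmlns."""
    return tag.rsplit("}", 1)[-1]

def flatten(elem, prefix=""):
    """Turn nested htf:map settings into {dotted.path: (type, value)}."""
    out = {}
    for child in elem:
        if _local(child.tag) != "Setting":
            continue
        path = prefix + child.get("Name", "")
        if child.get("Type") == "htf:map":
            out.update(flatten(child, path + "."))
        else:
            out[path] = (child.get("Type"), (child.text or "").strip())
    return out

def load_mdc(xml_text):
    """Locate DataCenterConfiguration anywhere in the document and flatten it."""
    for s in ET.fromstring(xml_text).iter():
        if _local(s.tag) == "Setting" and s.get("Name") == "DataCenterConfiguration":
            return flatten(s)
    raise ValueError("DataCenterConfiguration not found")

def diff_mdc(a, b):
    """Return settings whose type or value differs, or that exist on one side only."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (dc1, dc2) in diff_mdc(load_mdc(DC1_XML), load_mdc(DC2_XML)).items():
        print(f"{key}: DC1={dc1} DC2={dc2}")
```
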

Cause
