OAM Multi-Data Center Failback Issues
(Doc ID 1963793.1)
Last updated on SEPTEMBER 20, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.2.1 and later
Information in this document applies to any platform.
Symptoms
Oracle Access Manager 11gR2 (OAM 11.1.2.2.x)
Multi-Data Center (MDC)
Failback/Failover flow issues
Changes
I am attempting to set up and configure MDC for 2 OAM DCs.
I have been successful in getting the initial failover from DC1 to DC2 to happen without reauthentication. This is the test I ran to do this:
1. Both DCs are up and running with one OAM server on each side.
2. Access a protected resource that has a 10g WebGate.
   a. The WebGate has a primary access server of OAM DC1
   b. The WebGate has a secondary access server of OAM DC2
3. Cert is chosen and I am successfully authenticated to the resource via OAM DC1.
4. I see a new session generated only on OAM DC1.
5. Shutdown OAM DC1.
6. Access same protected resource again.
7. No cert is prompted and I am able to see a new session generated on OAM DC2.
8. Start OAM DC1 back up.
9. Access same protected resource again.
10. A cert is prompted and I am forced to re-authenticate to OAM DC1.
During steps 9 and 10 when the WebGate fails back to OAM DC1 I should not have to re-authenticate. OAM DC1 should read the ObSSOCookie and OAM_ID to validate that these sites are MDC together. Why am I forced to re-authenticate in this situation? Are there any settings I may be missing that would cause this?