OAM_LAST_REAUTHENTICATION_TIME Is Not Updated After Reauthentication Via /oamreauthenticate
Last updated on DECEMBER 02, 2017
Applies to: Oracle Access Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Two protected resources with different levels of authentication.
After the user is logged in to Protected Resource-1, then to perform login to Protected Resource-2 ... need to do forced re-authentication and used the "/oamreauthenticate" functionality for this. The login is done again with the same user and the same DCC scheme and this works.
However, when we check the OAM_LAST_REAUTHENTICATION_TIME header, it has not changed since the previous login.
The expectation would be to see an updated timestamp value, as mentioned in the documentation...
Oracle Fusion Middleware Online Documentation Library, 11g Release 1 (18.104.22.168), Fusion Middleware Administrator's Guide for Oracle Access Management, Chapter 19 Managing Authentication and Shared Policy Components, section 19.19 Using Application Initiated Authentication
The OAM_LAST_REAUTHENTICATION_TIME http header is completely removed after doing a step-up authentication. We've seen this behavior in 2 use cases:
- Using step-up authentication for a SAML Federation IDP when having applied the WLST addIdPPartnerAuthnMethod(...)
- Using Advanced Rules (pre-authentication rules) to perform a scheme switch to a scheme with a higher authentication level.
The result in these 2 cases is that the actual authn_level is increased as expected, but the OAM_LAST_REAUTHENTICATION_TIME http header is completely removed after step-up.