OAM11gr2PS2 Ipvalidation Redirect Loop After Changing Client IP (Doc ID 2033642.1)

Last updated on SEPTEMBER 20, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.3 and later
Information in this document applies to any platform.

Symptoms

Configure IP Validation and try to access a protected application via wired connection.
Once authentication is successfully, you can switch to Wireless connection and at that point of time your IP address would get changed.
After the IP Change, It is going to a redirect loop and not displaying any page.
As per the standard process, it must either display an error page or it should redirect to the login page for authentication.

In the current scenario, the below might happen in the background

1. User authenticates and gets an OAMAuthnCookie for the 11g WebGate, and an OAM_ID cookie for the OAM Server
2. User changes IP address, and the 11g WebGate correctly rejects the OAMAuthnCookie, and re-directs the user for authentication
3. The OAM Server looks at the OAM_ID and says it's OK, so assumes the user is already authenticated
4. The OAMAuthnCookie is rejected again by the Webgate, and re-directs the user for authentication and so the loop begins

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms