MDC Single SignOn issue when authentication and authorization are happening in different Data Center (Doc ID 2079637.1)

Last updated on NOVEMBER 24, 2015

Applies to:

Oracle Access Manager - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

Test case steps:

MDC with Master (DC1) and Clone (DC2) Data Center. 

App1 WebGate is in DC1 and App2 WebGate is in DC2.

User accesses App1 https://APP1/index.html. The user is connected to WebGate in DC1 and authenticated at DC1 due to user affinity. Authentication and authorization happen in DC1.

In the same browser session, the user accesses APP2 in the Clone Data Center (DC2) - https://APP2/index.html

Due to user affinity, the authentication request is routed to DC2 where seamless authentication occurs due to the presence of valid OAM_ID cookie.

The App2 WebGate forwards the subsequent authorization request to App2's primary server, DC2. This results in looping and the browser shows the error “This WebGate has a redirect loop”.

Expected behaviour:
-> A redirect loop should not occur, and the user should be able to access the resource on APP2 since they have a valid token.

Cause
