
MDC Single SignOn issue when authentication and authorization are happening in different Data Center (Doc ID 2079637.1)

Last updated on NOVEMBER 04, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

A Multi-Data Center (MDC) deployment with a Master (DC1) and a Clone (DC2) Data Center.

App1 WebGate is in DC1 and App2 WebGate is in DC2.

The user accesses App1 at https://APP1/index.html. The user is connected to the WebGate in DC1 and authenticated at DC1 due to user affinity. Authentication and authorization happen in DC1.

In the same browser session, the user accesses APP2 in the Clone Data Center (DC2): https://APP2/index.html

Due to user affinity, the authentication request is routed to DC2, where seamless authentication occurs due to the presence of a valid OAM_ID cookie.

The App2 WebGate forwards the subsequent authorization request to App2's primary server, DC2. This results in looping and the browser shows the error “This WebGate has a redirect loop”.

Expected behaviour: The redirect loop should not occur, and the user should be able to access the resource on APP2 since they have a valid token.

Cause
