MDC Single SignOn issue when authentication and authorization are happening in different Data Centers
Last updated on NOVEMBER 24, 2015
Applies to: Oracle Access Manager - Version 184.108.40.206.1 and later
Information in this document applies to any platform.
Test case steps:
MDC with Master (DC1) and Clone (DC2) Data Center.
App1 WebGate is in DC1 and App2 WebGate is in DC2.
User accesses App1 https://APP1/index.html. The user is connected to WebGate in DC1 and authenticated at DC1 due to user affinity. Authentication and authorization happen in DC1.
In the same browser session, the user accesses APP2 in the Clone Data Center (DC2) - https://APP2/index.html
Due to user affinity, the authentication request is routed to DC2 where seamless authentication occurs due to the presence of valid OAM_ID cookie.
The App2 WebGate forwards the subsequent authorization request to App2's primary server, DC2. This results in looping and the browser shows the error “This WebGate has a redirect loop”.
-> The redirect loop should not occur, and the user should be able to access the resource on APP2 since they have a valid token.