SSOFilter : Ignoring synchronizationcheck as authentication type is not CLIENT-CERT

(Doc ID 2088865.1)

Last updated on AUGUST 03, 2017

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Symptoms

OSSO 10.1.4.3 and BIPUBLISHER 11.1.1.7 deployed on Weblogic 10.3.6 front-ended with OHS 11.1.1.7.

Steps to configure :

Link : https://docs.oracle.com/cd/E28280_01/core.1111/e10043/osso_d_10g.htm#JISEC9246

The above configuration is working as expected, with one exception :

The logout initiated by a partner other than BI does not cause BI to logoff, a subsequent login with a different user actually does return to the previous user.

Below is a sample scenario to describe the behaviour:

- login to BIPUBLISHER as user1 (authentication done by SSO)

- In the same browser login to OIDDAS console (successful login - no more authentication required)

- logout from OIDDAS console -(this should logoff all partners)

- login to BIPUBLISHER as user2 (authentication done by SSO)

- Result: Logged in as user1 in BIPUBLISHER (expected behaviour is that we should be logged in as user2) // Seems like the session is not getting invalidated globally."

-----------

- The above issue is not seen in an earlier version of BIPUBLISHER and WLS :

OSSO 10.1.4.3 and BIPUBLISHER 11.1.1.5 deployed on Weblogic 10.3.4 front-ended with OHS 11.1.1.3. (here the logout works as expected - in the second login the user2 is successfully logged in).

-----------

Below are the logs from working environment : 

.....
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316125> <BEA-000000> <SSOFilter : doFilter>
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316127> <BEA-000000> <SSOFilter: Session = kjCWWhJQJ5F7SpNbfrntdZqgQD3yw2pvnBsklD5262d2mkBCXnnK!14492193122>
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316127> <BEA-000000> <SSOFilter: OSSO-Hint =true>
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316128> <BEA-000000> <SSOFilter: Principal Match = "false" CustomHeader = "null">
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316129> <BEA-000000> <SSOFilter: RemoteUser from OSSO headers = USER1>
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316130> <BEA-000000> <SSOFilter: isAuthenticated - Session Available>
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316131> <BEA-000000> <SSOFilter: Remote User = "USER1" Session User = "USER1">
####<Dec 4, 2015 9:55:16 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <^00022O> <1449219316131> <BEA-000000> <SSOFilter: Exit>
.....

 

 Below are the logs from non-working environment :

.....
####<Dec 4, 2015 9:35:58 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <> <1449218158352> <BEA-000000> <SSOFilter : doFilter>
####<Dec 4, 2015 9:35:58 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <> <1449218158354> <BEA-000000> <SSOFilter: Session = JyxbWhQTZCyCKcNLcrydyGndlfLXqRMht43pwysYMJZLNl3vQQdy!-14492181583>
####<Dec 4, 2015 9:35:58 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <> <1449218158355> <BEA-000000> <SSOFilter: OSSO-Hint =true>
####<Dec 4, 2015 9:35:58 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <> <1449218158355> <BEA-000000> <SSOFilter: AuthType = Osso SSO>
####<Dec 4, 2015 9:35:58 AM CET> <Debug> <> <eicixzq311.ep.parl.union.eu> <bi_server1> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <USER1> <> <> <1449218158356> <BEA-000000> <SSOFilter : Ignoring synchronizationcheck as authentication type is not CLIENT-CERT>
......

 

 Even though the SSO sync filter is initiated successfully, it is ignoring the login session.

Changes

Upgraded Weblogic Server 10.3.4 to 10.3.6

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms