My Oracle Support Banner

OSSO session max lifetime can exceed 8 hours (Doc ID 2097425.1)

Last updated on OCTOBER 30, 2023

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


OAM OSSO Protocol Compatibility

At 8 hours intervals, a simple refreshing HTML is forced to re-authenticate trough OAM
Separate OHS (Oracle HTTP Server ) instance running and uses OSSO agent

User was logged out ~8hrs after authenticating

The issue can be reproduced at will with the following steps:

1. In the following location: c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs
Create a new folder called 'private' like c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs\private

2. Create here a new simple HTML file here called test.hml where the content will refresh every hour (3600 seconds)
The full path will be c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs\private\test.html

Note: This is test. Keep the page idle for 8 hours.

3. Save the settings and start a new browser with this protected resource like:


This should ask for OAM authentication, I believe . Then you should see this simple web page with text "This is test. Keep the page idle for 8 hours."

4. Keep the browser session opened and idle for 8 hours

5. Check and confirm if after 8 hours it will ask again for authentication




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.