OSSO session max lifetime can exceed 8 hours
(Doc ID 2097425.1)
Last updated on MAY 24, 2022
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
OAM 22.214.171.124.0 OSSO Protocol Compatibility
At 8 hours intervals, a simple refreshing HTML is forced to re-authenticate trough OAM
Separate OHS (Oracle HTTP Server ) instance running and uses OSSO agent
User was logged out ~8hrs after authenticating
The issue can be reproduced at will with the following steps:
1. In the following location: c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs
Create a new folder called 'private' like c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs\private
2. Create here a new simple HTML file here called test.hml where the content will refresh every hour (3600 seconds)
The full path will be c:\Oracle\MiddlewareWT\instances\ohs_inst2\config\OHS\ohs2\htdocs\private\test.html
Note: This is test. Keep the page idle for 8 hours.
3. Save the settings and start a new browser with this protected resource like:
This should ask for OAM authentication, I believe . Then you should see this simple web page with text "This is test. Keep the page idle for 8 hours."
4. Keep the browser session opened and idle for 8 hours
5. Check and confirm if after 8 hours it will ask again for authentication
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document