Oracle Access Manager (OAM) Active-Active Multi Data Center (MDC) Failover Not Working As Expected
(Doc ID 2122469.1)
Last updated on SEPTEMBER 18, 2024
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
A Multi Data Center (MDC) active-active configuration was implemented in which each Data Center has its own AdminServer/DB and a single instance of the OAM runtime (the AdminServer is installed on a separate system from the OAM server).
Webgates are configured so that they only speak to local OAMs.
The MDC deployment has been chosen to satisfy these requirements:
- Under normal circumstances, no user session is replicated to the remote site.
- If a user is routed to a different Data Center, the session has to be adopted by the local DC OAM using back-channel synchronization only; if the remote OAM is down or unreachable, re-authentication must occur.
MDC configuration:
<Setting Name="SessionControls" Type="htf:map">
  <Setting Name="Reauthenticate" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">true</Setting>
  <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
    <Setting Name="max_conn_wait_time" Type="xsd:integer"><VALUE></Setting>
    <Setting Name="max_retry_attempts" Type="xsd:integer"><VALUE></Setting>
  </Setting>
</Setting>
However, when an authenticated user accesses an application on the remote site, the user is challenged for authentication again.
The expected behavior is that the session is adopted by the DC2 OAM so that the user is not challenged for credentials again; this is not happening.
Changes
Cause