Oracle Access Manager (OAM) Active-Active Multi Data Center (MDC) Failover Not Working As Expected
(Doc ID 2122469.1)
Last updated on MAY 19, 2023
Applies to: Oracle Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
A Multi Data Center active-active configuration was implemented, where each Data Center has its own AdminServer/DB and a single instance of the OAM runtime (the AdminServer is installed on a separate system from the OAM).
Webgates are configured so that they only speak to local OAMs.
The MDC deployment has been chosen to satisfy these requirements:
- Under normal circumstances, no user session is replicated to the remote site.
- If a user is routed to a different data center, the session has to be adopted by the local DC OAM using back-channel synchronization only; if the remote OAM is down or unreachable, re-authentication must occur.
<Setting Name="SessionControls" Type="htf:map">
  <Setting Name="Reauthenticate" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">true</Setting>
  <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
    <Setting Name="max_conn_wait_time" Type="xsd:integer"><VALUE></Setting>
    <Setting Name="max_retry_attempts" Type="xsd:integer"><VALUE></Setting>
  </Setting>
</Setting>
However, when an authenticated user accesses an application on the remote site, the user is re-challenged for authentication.
The expected behavior is that the session is adopted by the DC2 OAM so that the user is not challenged again for credentials; this is not happening.