Active-Active MDC Failover Not Working As Expected
Last updated on MAY 20, 2016
Applies to: Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
A Multi Data Center (MDC) active-active configuration was implemented, where each Data Center has its own AdminServer/DB and a single instance of the OAM runtime (the AdminServer is installed on a separate system from the OAM).
Webgates are configured so that they only speak to local OAMs.
The MDC deployment has been chosen to satisfy these requirements:
- Under normal circumstances, no user session is replicated to the remote site.
- If a user is routed to a different Data Center, the session has to be adopted by the local DC OAM using back-channel synchronization only; if the remote OAM is down or unreachable, re-authentication must occur.
<Setting Name="SessionControls" Type="htf:map">
  <Setting Name="Reauthenticate" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">true</Setting>
  <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
  <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
    <Setting Name="max_conn_wait_time" Type="xsd:integer">80</Setting>
    <Setting Name="max_retry_attempts" Type="xsd:integer">3</Setting>
  </Setting>
</Setting>
However, when an authenticated user accesses an application on the remote site, the user is challenged for authentication again.
The expected behavior is that the DC2 OAM adopts the session, so that the user is not challenged for credentials again; this is not happening.