Active-Active MDC Failover Not Working As Expected (Doc ID 2122469.1)

Last updated on MAY 20, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

A Multi Data Center (MDC) active-active configuration was implemented in which each Data Center has its own AdminServer/DB and a single instance of the OAM runtime (the AdminServer is installed on a separate system from the OAM server).
Webgates are configured so that they only communicate with their local OAM servers.

The MDC deployment has been chosen to satisfy these requirements:

- Under normal circumstances, no user session is replicated to the remote site.
- If a user is routed to a different Data Center, the session has to be adopted by the local DC OAM using back-channel synchronization only; if the remote OAM is down or unreachable, re-authentication must occur.

MDC configuration:

<Setting Name="SessionControls" Type="htf:map">
   <Setting Name="Reauthenticate" Type="xsd:boolean">false</Setting>
   <Setting Name="SessionContinuationOnSyncFailure" Type="xsd:boolean">false</Setting>
   <Setting Name="SessionDataRetrievalOnDemand" Type="xsd:boolean">true</Setting>
   <Setting Name="SessionMustBeAnchoredToDataCenterServicingUser" Type="xsd:boolean">false</Setting>
   <Setting Name="SessionDataRetrievalOnDemandConnection" Type="htf:map">
      <Setting Name="max_conn_wait_time" Type="xsd:integer">80</Setting>
      <Setting Name="max_retry_attempts" Type="xsd:integer">3</Setting>
   </Setting>
</Setting>




However, when an authenticated user accesses an application on the remote site, the user is challenged again for authentication.

The expected behavior is that the session is adopted by the DC2 OAM so that the user is not challenged for credentials again; this is not happening.

Cause
