OAAM Session_Expired Error During User Login with LB

(Doc ID 2146234.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Adaptive Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

In OAM an OAAM integration everything was working fine with a single server. However as the deployment progressed and a load balancer (LB) was introduced, there was an intermittent issue, whereby, immediately upon logging in, the end user would recieve a URL which said

Architecture:
============

The architecture was as follow:

Load Balancer Externa              Internal OHS Load Balancer

                                                                             /OAAM1
  Cisco ACE ------              -----OHS ------------
                                                                              \OAAM2
(Sticky sessions configured for the load balancer)


OAAM Propertied set
======================

The following properties were set in the bharosa_server.properties/oaam_custom.properties file
 (oracle.oaam.extensions.war)

bharosa.tracker.loadbalanced = true
vcrypt.tracker.trackerrequest.never = true
vcrypt.tracker.trackerrequest.optimized = true

Header Trace:
============
In the header trace we can see: https://eiam-uat.dhss.state.de.us/oaam_server/error.do?action=session_expired

Client User is not found in session, so the session is expired

 oaam1_server_server1-diagnostic.log

[2016-05-02T11:33:23.120-04:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^7FyzJJaFw00Fzzw0w00000UG000706,0:4:13:3] [APP: oaam_server#11.1.2.0.0] AbstractTaskProcessor.validateSession(): Client User is not found in session, so the session is expired.


It was observed that :

Failure case: JESSSIONID is changing...request affinity to OAAM server is not maintained and session is seen as expired

https://eiam-uat.dhss.state.de.us/oaam_server/challengeUser.do?showView=wait

JSESSIONID=y3pvX2rYh<snipped for brevity>

https://eiam-uat.dhss.state.de.us/oaam_server/error.do?action=session_expired

JSESSIONID=J6pCX2<snipped for brevity>


In a success case the value is consistent and affinity maintained.

=================================================================
  failure case
  http trace shows
JSESSIONID is changing
  success case shows
  http trace
JSESSIONID is consistent

Again in the logs ( oaam1_server_server1-diagnostic.log we could see )
==================================================


SUCCESS: Forwarding to target= Allow
------

[SRC_CLASS: com.bharosa.uio.actions.ChallengeUserAction] bharosaExecute(): Exiting. Forwarding to target= Allow

FAILURE: Forwarding to target= session_expired
------
 ( Intermittent w. load balancer is in place ) Not found in session.

[SRC_CLASS: com.bharosa.uio.actions.ChallengeUserAction] bharosaExecute(): Exiting. Forwarding to target= session_expired

[2016-05-04T07:28:53.101-04:00] [oaam_server_server2] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^9ZG9GCfFw00Fzzw0w00000UG00092M,0:4:13:4] [APP: oaam_server#11.1.2.0.0] AbstractTaskProcessor.validateSession(): Client User is not found in session, so the session is expired.

[2016-05-04T07:28:53.101-04:00] [oaam_server_server2] [TRACE:16] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^9ZG9GCfFw00Fzzw0w00000UG00092M,0:4:13:4] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: com.bharosa.uio.processor.task.AbstractTaskProcessor] AbstractTaskProcessor.validateSession(): Exited. Target=session_expired


What was causing this behavior?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms