My Oracle Support Banner

OAAM Session_Expired Error During User Login with LB (Doc ID 2146234.1)

Last updated on AUGUST 09, 2018

Applies to:

Oracle Adaptive Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

In OAM an OAAM integration everything was working fine with a single server. However as the deployment progressed and a load balancer (LB) was introduced, there was an intermittent issue, whereby, immediately upon logging in, the end user would recieve a URL which said

Architecture:
============

The architecture was as follow:

Load Balancer Externa              Internal OHS Load Balancer

                                                                             /OAAM1
  Cisco ACE ------              -----OHS ------------
                                                                              \OAAM2
(Sticky sessions configured for the load balancer)


OAAM Propertied set
======================

The following properties were set in the bharosa_server.properties/oaam_custom.properties file
 (oracle.oaam.extensions.war)

bharosa.tracker.loadbalanced = true
vcrypt.tracker.trackerrequest.never = true
vcrypt.tracker.trackerrequest.optimized = true

Header Trace:
============
In the header trace we can see: https://eiam-uat.dhss.state.de.us/oaam_server/error.do?action=session_expired

Client User is not found in session, so the session is expired

 oaam1_server_server1-diagnostic.log

[2016-05-02T11:33:23.120-04:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^7FyzJJaFw00Fzzw0w00000UG000706,0:4:13:3] [APP: oaam_server#11.1.2.0.0] AbstractTaskProcessor.validateSession(): Client User is not found in session, so the session is expired.


It was observed that :

Failure case: JESSSIONID is changing...request affinity to OAAM server is not maintained and session is seen as expired

https://eiam-uat.dhss.state.de.us/oaam_server/challengeUser.do?showView=wait

JSESSIONID=y3pvX2rYh<snipped for brevity>

https://eiam-uat.dhss.state.de.us/oaam_server/error.do?action=session_expired

JSESSIONID=J6pCX2<snipped for brevity>


In a success case the value is consistent and affinity maintained.

=================================================================
  failure case
  http trace shows
JSESSIONID is changing
  success case shows
  http trace
JSESSIONID is consistent

Again in the logs ( oaam1_server_server1-diagnostic.log we could see )
==================================================


SUCCESS: Forwarding to target= Allow
------

[SRC_CLASS: com.bharosa.uio.actions.ChallengeUserAction] bharosaExecute(): Exiting. Forwarding to target= Allow

FAILURE: Forwarding to target= session_expired
------
 ( Intermittent w. load balancer is in place ) Not found in session.

[SRC_CLASS: com.bharosa.uio.actions.ChallengeUserAction] bharosaExecute(): Exiting. Forwarding to target= session_expired

[2016-05-04T07:28:53.101-04:00] [oaam_server_server2] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^9ZG9GCfFw00Fzzw0w00000UG00092M,0:4:13:4] [APP: oaam_server#11.1.2.0.0] AbstractTaskProcessor.validateSession(): Client User is not found in session, so the session is expired.

[2016-05-04T07:28:53.101-04:00] [oaam_server_server2] [TRACE:16] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 00i^9ZG9GCfFw00Fzzw0w00000UG00092M,0:4:13:4] [APP: oaam_server#11.1.2.0.0] [SRC_CLASS: com.bharosa.uio.processor.task.AbstractTaskProcessor] AbstractTaskProcessor.validateSession(): Exited. Target=session_expired


What was causing this behavior?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.