OAM: MDC - APS Configuration - Authorization Not Working Correctly In The Clone Servers

(Doc ID 2167005.1)

Last updated on SEPTEMBER 11, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.4 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.4 version, Authentication Engine

OAM: MDC - APS configuration - Authorization not working correctly in the Clone servers

APS and MDC configurations in place in our environment.

When customer are modifying any authorization policy in existing application domains,which are active and are being accessed by the users, the changes are getting reflected in the Clone servers, but the changes are not activated until we restart the OAM servers.

It looks like the authorization policies are getting cached and the cache does not get invalidated when the resources and authorization policies are updated in the Clone servers. The changes are activated in the Master server without any issues. It creates a problem for us, since we have to make a lot of changes in our authorization policies and every time we need to take a downtime to restart the oam servers to get the changes activated in the Clone servers.

ERROR
-----------------------
[2016-05-19T20:53:31.668-05:00] [oam_server1] [TRACE:16] []
[oracle.oam.config] [tid: OAM Map Notification:JournalEventListenerWrapper]
[userId: <anonymous>] [ecid: 0000LJ1xCUbFGBZ5xn^AyW1NEyI2000005,0] [APP:
oam_server#11.1.2.0.0] [SRC_CLASS:
oracle.security.am.admin.config.util.MapUtil] [SRC_METHOD: getIntValue]
THROW[[
oracle.security.am.admin.config.ConfigurationException: Cannot get
java.lang.Integer value from configuration for key LockWaitTime. Object null
found.


STEPS
-----------------------
Customer test case is pretty similar to what you tested. Below is our test case:

- Accessed resource in Clone DC

- Accessed resource in Master DC

- Modified authorization policy success URL to a different URL than it was
before

- Verified the change got reflected in both DC /oamconsole

- Accessed resource in Clone DC - got redirected to the updated authorization
success URL

- Accessed resource in Master DC - got redirected to the old authorization
success URL - This is where this patch fails.




Changes

Customer configured MDC configuration. 

When customer are modifying any authorization policy in existing application domains,which are active and are being accessed by the users, the changes are getting reflected in the Clone servers, but the changes are not activated until we restart the OAM servers.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms