OAM 11.1.2.2 BP07: MDC: Authorization Fails with The Error "Authn token passed to the ObUserSession constructor is null or invalid" (Doc ID 2213245.1)

Last updated on DECEMBER 14, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.7 and later
Information in this document applies to any platform.

Goal

Architecture:
MDC setup for OAM (2 DCs, each with a cluster of 2 OAM Servers) in Oracle-managed data centers DC1 and DC2. DC1 is the master and DC2 is the clone.
This setup is combined with two WebGates (WG1 and WG2) configured in 2 customer data centers, protecting applications.
The WG1 WebGate allows connections only to the OAM instance in DC1, and the WG2 WebGate allows connections only to DC2.
All the protected applications work fine with this setup except the OIM application.

Expected and Observed Results
-----------------------------
Expected Result: The OIM application should return the page when authenticated through the cloned OAM instance (DC2).

Observed Result:
----------------
- User tries to get access to a protected resource.
- When the user is redirected to the Master Data Center (DC1) for credential collection, it works fine.
- When the user is redirected to the Clone Data Center (DC2) for credential collection, they are authenticated on DC2.
- They are then redirected to the originally requested URL on the Master Data Center (DC1) for authorization.
- Authorization fails on the Master Data Center with the error "Authn token passed to the ObUserSession constructor is null or invalid."
- This creates a continuous loop.


 

Solution
