AdfAuthentication Cannot Handle Concurrent Requests (Doc ID 2223945.1)

Last updated on OCTOBER 18, 2022

Applies to:

Symptoms

After securing images using a Security Group and removing read permission for "guest" role, a custom portal page using images from WebCenter Content (WCC) server, displays duplicate image instead of single image.

• Content Server and Portal are configured using Kerberos SSO.

On analysis of HTML in the portal, it is noticed that the html source in portal correctly points to the content server urls for the images.
Testing each image url separately displays the correct image.  The issue was further analyzed using Fiddler Trace.

When the browser received the HTML, it starts a new HTTP request for each image because the HTML only contains the image URL (HREF hiperlink). For each image download request, the first response was 302 and the new location was the WCC ADFAuthenticated login page.  The WCC ADFAuthenticated Login page, in turn, received the Single Sign On Kerberos successfully and redirected to a new URL location: the last (and same) image requested by the browser.

This is the cause of the problem: ADFAuthenticated login page does not support concurrent multiple requests.  The browser started one download thread for each image and all of them requested the ADFAuthenticated page almost at same time.

Steps to Reproduce:

------------------------------

1. Checkin 2 images into the Secure group in WCC server.
2. Create a HTML file with two image tags pointing to the weblayout location of the two images.
3. Checkin the HTML file to public security group so its accessible without login.
4. Access the HTML file without logging into WCC.  Notice that neither of the images show.  Instead there is a X mark.
5. In another browser tag, login to WCC.
6. Refresh the HTML file.  Notice that both images show now.
7. Now test this in a Kerberos setup.
8. Notice that when the HTML page is loaded in the browser, sometimes only one image shows, sometimes same image shows in both spots.
This happens only for the first time load.

Refreshing the page fixes the issue.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.