OAM 11.1.2.3 Multi Data Center(MDC) Setup Failed to Decrypt obrareq cookie (Doc ID 2247398.1)

Last updated on MAY 17, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 to 11.1.2.3.5 [Release 11g]
Information in this document applies to any platform.

Symptoms

Have Configured Multi Data Center Setup with OAM 11.1.2.3 BP 08.
This is a two node cluster in DataCenter1 and DataCenter2 in a common domain *.oraclecorp.com.

Have followed the document "Setting Up a Multi-Data Center":

Both pasteBinary and pasteConfig.sh were successful in migrating the configuration on the DataCenter2.

Have also exported and imported the policy data from Master Node to the Clone Node of OAM. There is a single load balancer(OHS Instance) load balancing all the 4 oam servers combined in both the data center.

The MDC session parameters have set for both data centers

SessionMustBeAnchoredToDataCenterServicingUser=false
SessionDataRetrievalOnDemand=true
Reauthenticate=false
SessionDataRetrievalOnDemandMax_retry_attempts=3
SessionDataRetrievalOnDemandMax_conn_wait_time=80
SessionContinuationOnSyncFailure=true
MDCGitoCookieDomain=.oraclecorp.com

The resource webgate agentid="mdcwebgate" talks directly to the oam server on 14100 port.

Note: When the user access the protected url with at least one managed server in Data-Center1 running, the request is completed successfully.

When all the OAM Managed servers in DataCenter 1 are down, the request does get redirected to DataCcenter2 as with  "OAM System Error".

The OAM Server diagnostic logs from DataCenter2 shows below error:

]]

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms