Oracle Access Manager 11g (OAM 220.127.116.11.x) Idle Session Timeout Invoked Causes Kerberos/WNA Authentication to Present a Login Prompt Via Detached Credential Collector (DCC) WebGate
(Doc ID 2303722.1)
Last updated on OCTOBER 12, 2021
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
- Oracle Access Manager 11gr2ps3 (OAM 22.214.171.124.x) Idle Session Timeout Invoked Causes Kerberos/WNA Authentication to Present a Login Prompt Via Detached Credential Collector (DCC) WebGate
- Using applications that authenticate via KerberosScheme, once the idle timeout is passed, 30 minutes with no activity on the application, an authentication prompt is popped up.
- Expected behavior here is that OAM will challenge but that the browser will respond using Windows Integrated Authentication in the background, without prompting the user.
- This issue started surfacing post the OAM upgrade and patchset (126.96.36.199.x)
- Environments running 188.8.131.52.3 and one off patch <Bug:14826703> - dcc webgate - basic authentication failed in case of session expiration, do not see the issue.
Steps to reproduce
1. Connect to a Kerberos integrated application – log in successfully
2. Leave session inactive for 30 minutes to trigger an OAM timeout
3. Attempt to click on a link within the application that triggers a new call to the application
4. Authentication pop-up for ‘KerberosScheme’ appears
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document