Oracle Access Manager 11gr2ps3 (OAM 126.96.36.199.x) Idle Session Timeout Invoked Causes Kerberos/WNA Authentication to Present a Login Prompt Via Detached Credential Collector (DCC) WebGate
Last updated on SEPTEMBER 28, 2017
Applies to:Oracle Access Manager - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
- Oracle Access Manager 11gr2ps3 (OAM 184.108.40.206.x) Idle Session Timeout Invoked Causes Kerberos/WNA Authentication to Present a Login Prompt Via Detached Credential Collector (DCC) WebGate
- Using applications that authenticate via KerberosScheme, once the idle timeout is passed, 30 minutes with no activity on the application, an authentication prompt is popped up.
- Expected behavior here is that OAM will challenge but that the browser will respond using Windows Integrated Authentication in the background, without prompting the user.
- This issue started surfacing post the OAM upgrade and patchset (220.127.116.11.x)
- Environments running 18.104.22.168.3 and one off patch <Bug:14826703> - dcc webgate - basic authentication failed in case of session expiration, do not see the issue.
Steps to reproduce
1. Connect to a Kerberos integrated application – log in successfully
2. Leave session inactive for 30 minutes to trigger an OAM timeout
3. Attempt to click on a link within the application that triggers a new call to the application
4. Authentication pop-up for ‘KerberosScheme’ appears
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms