My Oracle Support Banner

DCC Login Prompt Happening After Authentication Is Successful In IDP Initiated SSO (ECC) (Doc ID 2524698.1)

Last updated on MARCH 29, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.180116 and later
Information in this document applies to any platform.

Symptoms

You are being prompted by OAM Login form (A DCC protected resource) after we are successfully authenticated in an IDP initiated SSO (ECC).

Test1
 - Open a new client web browser
 - Access https://app1WebServer.com/DCC-Protected-Page.html
 - Login through DCC WebGate
 - User is authenticated successfully resource is displayed
 - Now, go to OAM Console > Session Management, double check the value for "Client IP Address" - you see the IP as the Load Balancer IP (expect to see the actual Client IP)


Test2
 - Open another new client web browser
 - Access https://dccWebServer.com/oamfed/idp/initiatesso?providerid=https://dccWebServer.com&returnurl=http://app2WebServer.com/myPage.jsp&myurl= (tunnelling)
 - Login
 - User is authenticated successfully resource is displayed
 - Now, go to OAM Console > Session Management, double check the value for "Client IP Address" you see the IP as the actual Client IP Address of session (this is an expected result)

 

OAM diagnostic log will show similar error below:

 

[2019-01-23T08:35:34.445-07:00] [OAM-1] [TRACE:32] [] [oracle.oam.controller] ... [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.sso.SSOEngineController] [SRC_METHOD: checkSessionValid] IP check enabled: true
[2019-01-23T08:35:34.445-07:00] [OAM-1] [TRACE:32] [] [oracle.oam.controller] ... [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.sso.SSOEngineController] [SRC_METHOD: checkSessionValid] Session client IP: 10.30.1.100, Request client Ip: 192.168.4.253
[2019-01-23T08:35:34.445-07:00] [OAM-1] [WARNING] [] [oracle.oam.controller] ... [APP: oam_server#11.1.2.0.0] Session validity set to false because IP check fails (Session client IP: 10.30.1.100, Request client Ip: 192.168.4.253)
[2019-01-23T08:35:34.448-07:00] [OAM-1] [TRACE] [] [oracle.oam.controller] ... [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.sso.SSOEngineController] [SRC_METHOD: checkSessionValid] SME Session is invalid.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.