OAM Logout Fails to Invalidate Session in Multi Data Center Environment After Session is Migrated
(Doc ID 2724051.1)
Last updated on NOVEMBER 03, 2020
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
When attempting to logout in an MDC environment, the logout appears to succeed, however on accessing a protected resource the user session is reestablished, and the user is able to access resources without reauthenticating.
There was a very specific use pattern for this case:
1. User accesses protected resource in data center A (there was only a single webgate involved, which was in data center A)
2. The OAM managed server was shut down in data center A
3. The user refreshes the resource/accesses another resource on the same webgate (to affect a migration from data center A to data center B)
4. The user logs out of OAM using the /oam/server/logout URL on the OAM managed server
5. The user then accesses the original resource again, and is granted access without having to reauthenticate
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document