
Oracle Access Manager (OAM) Federation Flow - After Session Timeout Re-authentication Fails "System Error" (Doc ID 2778526.1)

Last updated on MAY 26, 2021

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

After an idle timeout, a system error is seen if a resource from a different SP is accessed.

Flow

  • An SSO session is initiated from the SP <SP_1>; authentication is done by the IdP <IDP_1>, and <SP_1> maps the user from the assertion to <ID_STORE_1:USER_1>, which works properly
  • Using the session created in step 1, access <RESOURCE_1>, which is protected by OAM acting as SP using the Fed scheme of <IDP_2>. Access to <RESOURCE_1> succeeds without authentication
  • While still on <RESOURCE_1>, wait for the idle session timeout to occur and then refresh the page
  • OAM requires authentication, at which point OAM redirects to <IDP_2>
  • After authentication, the SAML Response & Assertion are sent to OAM, which tries to map the user to <ID_STORE_2:USER_1>; because a session for <ID_STORE_1:USER_1> already exists, a "System Error" is returned along with "User"1" from existing session ... is different from user locally authenticated"

Is user uniqueness based on IDStore+UserDN or only UserDN?

 

Changes

 

Cause
