My Oracle Support Banner

OAM - Authorization is failing for a specific case (caused by a Time Zone difference between OAM Nodes) (Doc ID 2823615.1)

Last updated on DECEMBER 06, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

A 2 Nodes OAM Cluster is used (OAM1 and OAM2)

On ASDK side, is obtained a Session Token from OAM Server by using "getSessionToken()"

This token is used in creation of a WebGate cookie (OAMAuthnCookie)

Following these steps is failing:

1. Bring OAM1 Node down (and keep just OAM2 up )
2. Get the token - Performed Authentication (Session is getting created in OAM)
3. Make OAM1 up and running
4. Bring OAM2 down.
5. Invoke service (Authorization) using token obtained in step 2
6. Failed to invoke service. Even session is available in OAM, WebGate is not considering it as authenticated session

 

In logs is present this entry:

.......

<date/time> 11404 22884 AUTHORIZATION ERROR 0x00001819 ..\src\obuser_session.cpp:2275 ecid^00jAooBV0QMF.......9w rid^0 "Authn token passed to the ObUserSession constructor is null or invalid." raw_code^201

.......

 


Vice-versa case is working.

Means followed the same steps but just interchanging OAM1 and OAM2.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.