OAM - Authorization is failing for a specific case (caused by a Time Zone difference between OAM Nodes)
(Doc ID 2823615.1)
Last updated on DECEMBER 06, 2022
Applies to:
Oracle Access Manager - Version 12.2.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
A 2 Nodes OAM Cluster is used (OAM1 and OAM2)
On ASDK side, is obtained a Session Token from OAM Server by using "getSessionToken()"
This token is used in creation of a WebGate cookie (OAMAuthnCookie)
Following these steps is failing:
1. Bring OAM1 Node down (and keep just OAM2 up )
2. Get the token - Performed Authentication (Session is getting created in OAM)
3. Make OAM1 up and running
4. Bring OAM2 down.
5. Invoke service (Authorization) using token obtained in step 2
6. Failed to invoke service. Even session is available in OAM, WebGate is not considering it as authenticated session
In logs is present this entry:
.......
<date/time> 11404 22884 AUTHORIZATION ERROR 0x00001819 ..\src\obuser_session.cpp:2275 ecid^00jAooBV0QMF.......9w rid^0 "Authn token passed to the ObUserSession constructor is null or invalid." raw_code^201
.......
Vice-versa case is working.
Means followed the same steps but just interchanging OAM1 and OAM2.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |