Does Oracle Access Manager (OAM) WebGate Have The Ability To Allow The Cache Lookup To Be Skipped Based On The URL Being Accessed
(Doc ID 2870599.1)
Last updated on MAY 20, 2022
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Goal
- Federation
- Oracle Access Manager acting as the Service Provider (SP)
- "ClinicalViewer" is acting as the Identity Provider (IdP)
When a user has an existing OAM session in a browser tab and then creates a new tab for a new OAM session with the same user account, they may receive a cached version of the authorization headers from WebGate instead of a new version.
This causes an issue with our "ClinicalViewer" browser application, where the authorization headers contain the patient identifier for the patient to display in the ClinicalViewer application.
Because the cached version of the authorization information is returned, the previous patient is shown in the ClinicalViewer application instead of the current patient.
Looking at the WebGate DEBUG3 logging, we can see that the authorization information is being retrieved from cache.
Completely disabling the cache by setting cacheTimeout to 0 is not a practical solution, as this will cause a performance issue where all requests will have to be verified by a request to OAM.
Scenario
1. Doctor logs into SSO
2. Requests patient A via their application (STS tool as IdP), and the request is sent to OAM (acting as SP)
3. SAML returns with correct patient A data
4. Now doctor opens a second tab in the same browser (same SSO session)
5. Requests patient B
6. SAML returns patient A data (due to authorization cache)
Does Oracle Access Manager (OAM) WebGate have the ability to allow the cache lookup to be skipped based on the URL being accessed?
Solution
To view full details, sign in with your My Oracle Support account.