Does Oracle Access Manager (OAM) WebGate Have The Ability To Allow The Cache Lookup To Be Skipped Based On The URL Being Accessed (Doc ID 2870599.1)

Last updated on AUGUST 17, 2023

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Goal

When a user has an existing OAM session in one browser tab and then opens a new tab for a new OAM session with the same user account, they may receive a cached version of the authorization headers from WebGate instead of a new version. This causes an issue with our "<THIRD_PARTY>" browser application, where the authorization headers contain the <USER> identifier for the <USER> to display in the <THIRD_PARTY> application. Because the cached version of the authorization information is returned, the previous <USER> is shown in the <THIRD_PARTY> application instead of the current <USER>. The WebGate DEBUG3 logging shows that the authorization information is being retrieved from cache. Completely disabling the cache by setting cacheTimeout to 0 is not a practical solution, as this will cause a performance issue where all requests will have to be verified by a request to OAM.

Scenario
1. User logs into SSO
2. Requests <USER> A via their application (Third Party as IdP) and is sent to OAM (acting as SP)
3. SAML returns with correct <USER> A data
4. User now opens a second tab in the same browser (same SSO session)
5. Requests <USER> B
6. SAML returns <USER> A data (due to authorization cache)

Does Oracle Access Manager (OAM) WebGate have the ability to allow the cache lookup to be skipped based on the URL being accessed?
 

Solution

To view full details, sign in with your My Oracle Support account.
