
Does Oracle Access Manager (OAM) WebGate Have The Ability To Allow The Cache Lookup To Be Skipped Based On The URL Being Accessed (Doc ID 2870599.1)

Last updated on MAY 20, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Goal

When a user has an existing OAM session in a browser tab and then opens a new tab for a new OAM session with the same user account, they may receive a cached version of the authorization headers from WebGate instead of a new version.
This causes an issue with our "ClinicalViewer" browser application, where the authorization headers contain the patient identifier for the patient to display in the ClinicalViewer application.
Because the cached version of the authorization information is returned, the previous patient is shown in the ClinicalViewer application instead of the current patient.
Looking at the WebGate DEBUG3 logging, we can see that the authorization information is being retrieved from cache.
Completely disabling the cache by setting cacheTimeout to 0 is not a practical solution, as this will cause a performance issue where all requests will have to be verified by a request to OAM.

Scenario
1. Doctor logs into SSO
2. Doctor requests patient A via their application (STS tool as IdP), and the request is sent to OAM (acting as SP)
3. SAML returns the correct patient A data
4. Doctor now opens a second tab in the same browser (same SSO session)
5. Doctor requests patient B
6. SAML returns patient A data (due to authorization cache)

Does Oracle Access Manager (OAM) WebGate have the ability to allow the cache lookup to be skipped based on the URL being accessed?


 

Solution
