Oracle Access Manager (OAM) Single Sign-ON (SSO) Linked JWT Tokens Don't Expire On Session Expire Or After Idle Timeout
(Doc ID 2967588.1)
Last updated on AUGUST 15, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.4.220906 and later
Information in this document applies to any platform.
Symptoms
When using the SSO Linking feature, the access token is still valid after the linked session has been invalidated.
- Linked JWT tokens don't expire on session expire or after idle timeout
- The expectation is that if the session has been idle for more than 15 mins (configured value), a validity check on this JWT token will fail. This ensures that the rules of the session are also applied to the OAuth Access Tokens.
Steps To Reproduce the Issue
1. Followed ...
- KM Oracle Access Manager 12c (OAM 12.2.1.3) - SSO Session Linking for OAuth Tokens (Doc ID 2541945.1)
- Access Manager, Release 12.2.1.4, Administering Oracle Access Management, 37 Configuring OAuth Services in 12c, 37.9 SSO Session Linking for OAuth Tokens
2. In Authentication Scheme - Challenge Parameters
Changes
Cause