How to update the OAM SSO Session Linking JWT OAUTH_TOKEN Validity ? (Doc ID 3019764.1)

Last updated on MAY 02, 2024

Applies to:

Goal

In deployment scenarios where a few resources are protected by OAM while some might be accessed with OAuth, to achieve seamless SSO between the different mixes of applications, it is necessary to link the SSO session with the Access Token.

When the SSO Session is created, a JWT User Token is created. The JWT User Token has the SSO "session_id" as part of its claims.

> https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/aiaag/configuring-oauth-services-12c.html#GUID-463B30BD-0461-482C-9C71-B7B5BFE1CC86

Two other JWT claims are:

- "exp" (expiration time): Time after which the JWT expires (in milliseconds since epoch)

- "iat" (issued at time): Time at which the JWT was issued (in milliseconds since epoch)

- The difference between exp and iat (ie: exp - iat) = JWT expiration time in "ms".

By default, JWT Tokens are created with an Expiration time of 3600 seconds (1 hour).

This document shows how to make OAM create JWT SSO Linking Tokens with an Expiry time other than the default.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.