My Oracle Support Banner

SSO Login Fails Intermittently In Distributed High Availability Environment (Doc ID 390573.1)

Last updated on AUGUST 15, 2018

Applies to:

Oracle Application Server Single Sign-On - Version and later
Information in this document applies to any platform.
***Checked for relevance on 03-FEB-2015***


Distributed High Availability (HA) 10g AS architecture with two load-balanced SSO midtiers in Active-Active HA mode and two load-balanced OIDs in Active-Active.

SSO login is failing approximately 10% of the time, the browser shows HTTP-500 Internal Server Error or Page Cannot be Displayed.

The following TCP/IP parameters are configured on the 10gAS servers:

   net.ipv4.tcp_keepalive_time = 300
   net.ipv4.tcp_keepalive_probes = 3
   net.ipv4.tcp_keepalive_intvl = 20

SSO has the following set:
   connectionIdleTimeout = 10

OID has:
   orclldapconntimeout = 12 
   orclstatsperiodicity = 7
which should be suitable settings for the load-balancer with an idle connection timeout of 15 minutes.

Ref: A.1.9 Oracle Internet Directory Connections Being Disconnected by the Load Balancer or Firewall

$ORACLE_HOME/sso/log/ssoServer.log shows 'Socket Closed' error, e.g.,

Fri Aug 18 10:12:25 CEST 2006 [ERROR] AJPRequestHandler-ApplicationServerThread-12 Could not get attributes for user, test
  oracle.ldap.util.UtilException: NamingException encountered when resolving user - SIMPLE NAME = TEST; socket closed
  at oracle.ldap.util.Subscriber.getUser_NICKNAME(
  at oracle.ldap.util.Subscriber.getUser(
  at oracle.ldap.util.Subscriber.getUser(
  at javax.servlet.http.HttpServlet.service(
Fri Aug 18 10:12:25 CEST 2006 [DEBUG] AJPRequestHandler-ApplicationServerThread-12 Directory Exception while getting the user attributes: auth_fail_exception auth_fail_exception
  at javax.servlet.http.HttpServlet.service(

If WNA is enabled for SSO, the opmn/logs/OC4J~OC4J_SECURITY~default_island~1 shows:

06/08/18 10:04:02 Broken pipe
06/08/18 10:06:38 Broken pipe
06/08/18 10:12:10 Broken pipe
06/08/18 10:36:30 Error while getting user attributes from OID for the kerberos user: test@ORACLE.COM
06/08/18 10:36:30 The system is unable to retreive the specified realm(s).
06/08/18 10:36:30 at Source)
06/08/18 10:36:30 Caused by: javax.naming.ServiceUnavailableException:; socket closed; remaining name 'cn=common,cn=products,cn=oraclecontext'
06/08/18 10:36:30 at com.sun.jndi.ldap.Connection.readReply(
06/08/18 10:36:30 at com.sun.jndi.ldap.LdapClient.getSearchReply(



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.