My Oracle Support Banner

The ObSSOCookie Gets Set To 'loggedoutcontinue' When Cancelling Authentication To A Higher Level Authentication Scheme (Doc ID 437939.1)

Last updated on JANUARY 31, 2019

Applies to:

COREid Access - Version 10.1.4 to 10.1.4 [Release 10g]
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010


Symptoms

All webgates prior to 10.1.4 will leave the obssocookie intact when the webgate evaluates that a timeout condition has occurred or if a step-up authentication is required. The webgate will redirect the user to the appropriate authentication form. In a step-up scenario, if a user does not have the capability to authenticate to the higher level, they can simply go 'back' in the browser to carry on browsing resources at their currently authenticated level.

With the 10.1.4 webgates the obssocookie cookie is set to loggedoutcontinue for both timeout and step-up scenarios. While this is acceptable for an expiry condition, it is unacceptable for a step-up scenario as the user is experience is poor and deemed unacceptable.

Changes

Steps to reproduce:

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.