The ObSSOCookie Gets Set To 'loggedoutcontinue' When Cancelling Authentication To A Higher Level Authentication Scheme (Doc ID 437939.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4 to 10.1.4 - Release: 10g to 10g
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010

Symptoms

All WebGates prior to 10.1.4 leave the ObSSOCookie intact when the WebGate determines that a timeout condition has occurred or that a step-up authentication is required. The WebGate redirects the user to the appropriate authentication form. In a step-up scenario, if a user is not able to authenticate at the higher level, they can simply go 'back' in the browser and carry on browsing resources at their currently authenticated level.

With the 10.1.4 WebGates, the ObSSOCookie is set to loggedoutcontinue for both timeout and step-up scenarios. While this is acceptable for an expiry condition, it is unacceptable for a step-up scenario because the user experience is poor.
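To confirm the symptom from a browser or proxy trace, the following added example (not Oracle code, and not part of the original note) walks a sequence of responses and reports each redirect that replaces a live ObSSOCookie with loggedoutcontinue. The trace layout, URLs and token value are constructed, and it assumes the cookie is rewritten on the same response that redirects to the authentication form.

```python
from http.cookies import SimpleCookie

SSO_COOKIE = "ObSSOCookie"
LOGGED_OUT = "loggedoutcontinue"  # value named in this note

def sso_value(set_cookie_headers):
    """Return the ObSSOCookie value a response sets, or None if it sets none."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if SSO_COOKIE in jar:
            return jar[SSO_COOKIE].value
    return None

def find_session_resets(trace):
    """Track the browser's ObSSOCookie across responses (in order) and list
    redirects that overwrite a live session value with loggedoutcontinue."""
    current = None
    findings = []
    for index, resp in enumerate(trace):
        new = sso_value(resp.get("set_cookie", []))
        if new is None:
            continue  # cookie left intact (the pre-10.1.4 behaviour)
        live = current not in (None, LOGGED_OUT)
        if new == LOGGED_OUT and live and 300 <= resp["status"] < 400:
            findings.append({"index": index, "url": resp["url"],
                             "location": resp.get("location")})
        current = new
    return findings

# Constructed sample: login, level-1 browsing, step-up redirect, then 'back'.
SAMPLE_TRACE = [
    {"status": 200, "url": "https://app.example.com/login",
     "set_cookie": ["ObSSOCookie=CONSTRUCTED-SESSION-TOKEN; path=/; httponly"]},
    {"status": 200, "url": "https://app.example.com/level1/index.html"},
    {"status": 302, "url": "https://app.example.com/level2/report.html",
     "location": "https://app.example.com/stepup/form.html",
     "set_cookie": ["ObSSOCookie=loggedoutcontinue; path=/; httponly"]},
    {"status": 302, "url": "https://app.example.com/level1/index.html",
     "location": "https://app.example.com/login",
     "set_cookie": ["ObSSOCookie=loggedoutcontinue; path=/; httponly"]},
]

if __name__ == "__main__":
    for hit in find_session_resets(SAMPLE_TRACE):
        print(f"response {hit['index']}: {hit['url']} -> {hit['location']}")
```

Only the first overwrite is reported; later redirects that repeat loggedoutcontinue show the consequence (the level-1 session is gone after going 'back') rather than a new reset.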

Changes

Steps to reproduce:

Cause
