My Oracle Support Banner

Agile SAML2.0 SSO Implementation - After Agile Web Client Session Timeouts, Looping Back And Forth Between (Agile URL) & (Single Signon URL - SAML Identity Provider) (Doc ID 2647230.1)

Last updated on NOVEMBER 06, 2023

Applies to:

Oracle Agile PLM Framework - Version 9.3.6.0 to 9.3.6.0 [Release 9.3]
Oracle Agile Product Collaboration - Version 9.3.6.0 to 9.3.6.0 [Release 9.3]
Information in this document applies to any platform.

Symptoms

When Agile Web Client session timeouts and user refreshes browser to re-authenticate the session the browser is redirected back and forth between below two URLs:

The issue can be reproduced at will with the following steps:

  1. Configure and Deploy Single Sign on (SSO) with a SAML 2.0 Identity Provider (IDP)
  2. Set the TIMEOUT Session 5mins within Agile Java Client as Admin user.
  3. Launch Chrome Browser, and access to:  https://xxxxxxx.com/Agile/PLMServlet
  4. Give username and password, and log in.
  5. Redirected to SAML Identity provider & Authenticated in to Agile.
  6. Open a separate new Chrome browser window & leave the Agile login session to running.
  7. On the new Chrome browser, installed a new Chrome Extension (EditThisCookie)
  8. The window shows what is set in realtime:
    https://xxxxxxx.com/Agile/PLMServlet
    > xxxxxx.com | j_password
    > xxxxxx.com | j_username
    > xxxxxx.com | _WL_AUTHCOOKIE_JSESSIONID
    > xxxxxx.com | BIGipServerCS-AGILE-SB_POOL  --> they have loadbalance
    > xxxxxx.com | JSESSIONID  ---> Customer investigated this JSESSIONID  cookie is set against the Path /Agile  is being set by the Agile Application
    > xxxxxx.com | JSESSIONID
    > xxxxxx.com | WORKFLOW_ROUTING_DATE_FILTER

  9. Go Back to the Agile Application window; See the message:  Session Timed Out  Ok button; Click Ok button
    The browser is redirected back and forth between below two URLs:
    (Agile URL) xxxxx.com/Agile/PCMServlet
    (single sign-on URL - SAML Identity provider) sso.xxxxxx.com/ofis/Default.aspx?SAMLRequest=xxxxxxxxxxxxxxx,  looping back and forth and never resolves

  10. Go back to the other browser where the Chrome Extensions is running - (EditThisCookie)
    > xxxxxx.com | JSESSIONID  ---> DELETED the Path /Agile --->  This will stop the looping and allow to login.

Changes

Configure and Deploy SSO with a SAML 2.0 Identity Provider

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.