Agile SAML2.0 SSO Implementation - Agile Web Client Session Timeouts And Is Looping Back And Forth Between (Agile URL) & (Single Signon URL - SAML Identity Provider)
(Doc ID 2647230.1)
Last updated on FEBRUARY 21, 2023
Applies to:
Oracle Agile Product Collaboration - Version 9.3.6.0 and laterInformation in this document applies to any platform.
Symptoms
On : 9.3.6.0 version, Administration/Configuration
Agile SAML2.0 SSO Implementation
When Agile Web Client session timeouts and user refreshes browser to re-authenticate the session the browser is redirected back and forth between the
(Agile URL) xxxxx.com/Agile/PCMServlet & (single signon URL - SAML Identity provider) sso.xxxxxx.com/ofis/Default.aspx?SAMLRequest=xxxxxxxxxxxxxxx
The issue can be reproduced at will with the following steps:
1. Applied Oracle Agile PLM 9.3.6 RUP 12 (9.3.6.12) - Patch 30631158
2. Set the TIMEOUT Session 5mins within Agile Java Client as Admin user
3. Using Chrome Browser: https://xxxxxxx.com/Agile/PLMServlet
4. Login as user xxxxx
5. Redirected to our SAML Identity provider & Authenticated in to Agile
6. Open a separate new Chrome browser window & leave the Agile login session to running
7. On the new Chrome browser, installed a new Chrome Extension (EditThisCookie)
8. The window shows what is set in realtime:
https://xxxxxxx.com/Agile/PLMServlet
> xxxxxx.com | j_password
> xxxxxx.com | j_username
> xxxxxx.com | _WL_AUTHCOOKIE_JSESSIONID
> xxxxxx.com | BIGipServerCS-AGILE-SB_POOL --> they have loadbalance
> xxxxxx.com | JSESSIONID ---> Customer investigated this JSESSIONID cookie is set against the Path /Agile is being set by the Agile Application
> xxxxxx.com | JSESSIONID
> xxxxxx.com | WORKFLOW_ROUTING_DATE_FILTER
9. Go Back to the Agile Application window; See the message: Session Timed Out Ok button; Click Ok button
The browser is redirected back and forth between the:
(Agile URL) xxxxx.com/Agile/PCMServlet &
(single signon URL - SAML Identity provider) sso.xxxxxx.com/ofis/Default.aspx?SAMLRequest=xxxxxxxxxxxxxxx, looping back and forth and never resolves
10. Go back to the other browser where the Chrome Extentions is running - (EditThisCookie)
> xxxxxx.com | JSESSIONID ---> DELETED the Path /Agile ---> This will stop the looping and allow to login.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |