Sunday, February 23, 2014

Oracle Access Manager(OAM) 11g user not able to login to a protected resource intermittently

Hi All,

Recently I came across a weird intermittent login issue in OAM 11g protected resource when it's integrated with OAAM 11g. 

As far as I know there is only one place(OAM Admin console >> System configuration >> common settings) where we can change the max session timeout. By default, Max session value will be 480 min. I got requirement to change the max session timeout from 8 hrs to 12 hrs. So I just changed the setting accordingly and bounced the services.

After increasing the max timeout setting user is not able to login all of sudden.

After so much struggle i found the pattern of the issue. User will not be able to login starting from 8th hour of user last login and before 12th hour(Essentially, user will not be able to login for period of 4 hrs). Once clock hits 12th hour user can login as usual. 

Then finally after discussing with Oracle support there they provided a fix for this issue.

Here is the solution:

1. On the Admin Server, take a backup of the $DOMAIN_HOME/config/fmwconfig/oam-config.xml
2. Edit the oam-config.xml file, searching for CredentialValidityInterval (this defaults to 480 minutes, or 8 hours)
3. Change this field to match the configured OAM session timeout
4. Find the Version field, eg:

<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">120</Setting>
<Setting Name="DataCenterConfiguration" Type="htf:map">

and increment the version value:

<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">121</Setting>
<Setting Name="DataCenterConfiguration" Type="htf:map">

Then, Bounce OAM services and test the scenario.

Siva Pokuri

No comments:

Post a Comment