Two ObSSOCookies are created after OAM authentication

Problem Description:

The IDM server and the portal server run on different boxes. On the IDM box, the osinfra 10.1.4.3 services (OID, OC4J, HTTP) and OAM 10.1.4.3 are running. OID is used as the IDM SSO user store. On the portal server, Oracle 11g (the portal application) and the osinfra 10.1.4.3 services (OID, OC4J, and HTTP) run on the same box. OID is used as the portal SSO user store. So we have two osinfra servers: one for IDM-OAM and another for PORTAL-OSSO.

We have 10 different applications in our project. Portal is one of them and is used to access all the others. Portal has two tiers: the infra tier (IDM application server) and the portal application server (WebLogic). The WebLogic server is registered in the portal IDM OSSO. The portal application URL is protected by OAM, which runs on a different box. After SSO integration we are able to log in to the portal but unable to log in to the other applications; we get the login page again. All the other applications are displayed in the portal.

Note: SSO integration for all the other applications is already done.

Cause:

Two ObSSOCookies are being created.

Reason:

1. Portal is configured with the short hostname for SSO login, i.e. http://hostname:7777, instead of the fully qualified domain name, i.e. http://hostname.domainname:7777.
2. The OAM authn scheme is configured with a Challenge Redirect to the fully qualified domain name, i.e. http://hostname.domainname:7777.
3. The combination of 1 & 2 causes two ObSSOCookies to be set (one for http://hostname:7777 and one for .domainname) during login, where there should be only one domain cookie.
4. Portal is configured to use http://hostname:7777 for OSSO login, but the second ‘integration’ application is configured to use http://hostname.domainname:7007 for OSSO login. For Single Sign-On between different partner applications, they must all reference the same OSSO login site.
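One way to confirm this condition from a captured login, as an added example that is not part of the original post: the Python sketch below groups `ObSSOCookie` `Set-Cookie` headers by scope (host-only versus `Domain` attribute) and flags a login that sets more than one. The captures, cookie values and function names are constructed for illustration.

```python
# Constructed captures: (host the browser requested, Set-Cookie header value).
BROKEN_LOGIN = [
    ("hostname", "ObSSOCookie=AAAA; path=/; httponly"),
    ("hostname.domainname", "ObSSOCookie=BBBB; path=/; domain=.domainname; httponly"),
    ("hostname.domainname", "JSESSIONID=1234; path=/"),
]
FIXED_LOGIN = [
    ("hostname.domainname", "ObSSOCookie=CCCC; path=/; domain=.domainname; httponly"),
    ("hostname.domainname", "ObSSOCookie=DDDD; path=/; domain=.domainname; httponly"),
]


def cookie_scope(request_host, set_cookie):
    """Return (cookie name, scope) for one Set-Cookie header.

    A cookie with a Domain attribute is scoped to that domain; without one
    it is host-only and bound to the exact host that was requested.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "domain" and value.strip():
            return name, "domain:" + value.strip().lower()
    return name, "host:" + request_host.lower()


def obsso_scopes(capture, cookie_name="ObSSOCookie"):
    """Distinct scopes under which the SSO cookie was set during one login."""
    scopes = set()
    for host, header in capture:
        name, scope = cookie_scope(host, header)
        if name == cookie_name:
            scopes.add(scope)
    return sorted(scopes)


def has_duplicate_sso_cookie(capture):
    """True when the browser would end up holding two separate ObSSOCookies."""
    return len(obsso_scopes(capture)) > 1


if __name__ == "__main__":
    for label, capture in (("broken", BROKEN_LOGIN), ("fixed", FIXED_LOGIN)):
        print(label, obsso_scopes(capture), has_duplicate_sso_cookie(capture))
```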

Solution:

1. Re-configure Portal for a New SSO Hostname and/or Port (Doc ID 558634.1).

2. The issue went away after applying the action plan specified in the Metalink note mentioned above.

About the Author sarath

An Oracle Identity and Access Management professional who has worked on Oracle Access Manager Single Sign-On implementations, installation/configuration of Identity Server, WebPass, WebGate, AccessGate, Policy Manager, Access Server, policy domains, authentication/authorization schemes, Single Sign-On (single and multi-domain), OIM, OVD, OID, OAAM, OIF, and high availability/failover/SSL deployment.
