OAM : Custom Login Page Times out after 15 mins (Prior to User Login)

Product Versions : 
OAM 11.1.2.2.0, OHS 11.1.1.7 , Webgate for OHS - 11.1.2.2, Weblogic Server 10.3.6
Single Sign On implemented with WebCenter Custom Portal & WebCenter Content 11.1.1.8
A custom login page was used instead of the OOTB Login Page provided by Oracle.

Issue Summary : 

If User stays idle on custom login page (without having logged in) for  more than 15 mins and then tries to login, he is redirected to a blue screen/error page which says 'System error, please contact your administrator'

Error Logs -

Error occurred while handling the request.

Supplemental Detail     java.lang.RuntimeException:   Authentication request Timed out. Eapsed time in min: 79560 at oracle.security.am.controller.BaseRequest.updateObjectWithCachedMap(BaseRequest.java:482)

  

Note - 
If the user logs in to the application before 15 mins, the SSO enabled application honours the timeout values:

Webgate level 'Max Session Time' = 60 mins

OAM Console - Common Settings 'Idle Timeout' = 65 mins

The user has connected to the custom authentication page but not logged in yet. So there is no user session yet. The user just idles for a while and then attempts to login and gets the error - The 'Idle Timeout' is only applicable to logged-in sessions. The timeout we are hitting is the 'Request Time Out' which is somehow hardcoded by Oracle to 15 mins.

Solution :
This is a pretty weird Oracle Bug ! Workaround is as follows :

Add a meta tag such as following one behind <head> in the custom login page.
    <meta http-equiv="refresh" content="890; URL=http://host.example.com/public/public.html">
The Http mechanism for a meta tag is described on:  http://www.w3schools.com/tags/att_meta_http_equiv.asp

The time value of 890 seconds comes from :
The idle time of 15 minutes set by OAM minus 10 seconds, that is:
         => (15*60=900)  minus (tolerance time of 10 second)
If the user stays now for 890 seconds on the custom login page, the browser will bring him back to a public page as defined with URL  (http://host.example.com/public/public.html).

References : Doc Id 1908294.1

OAM 11gR2/Weblogic : The important of parameters in mod_wl_ohs.conf(Web Server plugins)

Configurations of various parameters in web server plugins plays in a major part in ensuring that Single-Sign-On works fine using OAM.

Oracle Documentation -
http://docs.oracle.com/cd/E23943_01/web.1111/e14395/plugin_params.htm

This post is intended to share my experiences with certain parameters and the repercussions if you don't include them :)

WLProxyPassThrough
WLProxySSl works great if webserver is doing the SSL work. But if SSL being terminated by a load balancer then mod_wl will remove any incoming WL-Proxy-SSL and the request will reach OHS over HTTP this means that the WebLogic server won't ever get that header and so request.isSecure() will always return false. If you add that directive and set it to ON then the WebLogic plug-in will not remove any incoming WL-Proxy-SSL header. This lets WebLogic Server know that the original request was initiated over SSL.  WL-Proxy-SSL header should not be sent if the inbound traffic to the load balancer was not SSL (HTTPS).

Error Scenario : 
Once I added this parameter for under the <if weblogic_module> tag and set it to true, this issue no longer reccurred .




WLCookieName
If you change the name of the WebLogic Server session cookie in the WebLogic Server Web application, you need to change the WLCookieName parameter in the plug-in to the same value. The name of the WebLogic session cookie is set in the WebLogic-specific deployment descriptor, in the <session-descriptor> element.

Error Scenario :
The Webcenter Portal application I was implementing SSO using OAM for, had changed the weblogic session cookie name to a non-JSESSION ID value for some reason.
This was not giving me any issues until I was configuring "Weblogic Cluster" value(instead of "Weblogic Host") in the OHS layer pointing to the Webcenter managed servers.Once I did so,the Webcenter Portal page would not load and instead would give me a flickering page with consistently changing values of adf_ctrl.state and the page would not load up.
This issue was resolved once I added WLCookieName <cookieName> under the context root tag for the Webcenter Portal app in mod_wl_ohs.conf

This post is also relevant in this regard.