Showing posts with label timeout. Show all posts

Thursday, March 29, 2018

Okta Session : How to Set Maximum Session Timeout using APIs

Quite often, an application developer would need a maximum time after which a session should be destroyed irrespective of activity. This is also called the Maximum Session Timeout.

Okta is a popular cloud-based Identity and Access Management platform used as an Identity Provider, enabling secure and seamless access to all applications via any device.

As of today, there's NO setting in the Okta UI to set Maximum Session Time.
The Session Lifetime setting in the Okta GUI is for Maximum Idle Session Time.
However, there's an option to do this via APIs, using the SignOn Policy APIs.


We can create policies via the APIs or from the GUI (Admin -> Security -> Authentication -> SignOn Policies -> Create Policy -> Create Rules) and then update the maxSessionTimeoutInMinutes using API calls as shown in the screenshot.

If you are unaware of how to get started with Okta APIs and/or how to set up Postman, please check this link.

Wednesday, February 18, 2015

OAM : Custom Login Page Times out after 15 mins (Prior to User Login)

Product Versions:
OAM 11.1.2.2.0, OHS 11.1.1.7, Webgate for OHS 11.1.2.2, Weblogic Server 10.3.6
Single Sign On implemented with WebCenter Custom Portal & WebCenter Content 11.1.1.8
A custom login page was used instead of the OOTB login page provided by Oracle.

Issue Summary:
If a user stays idle on the custom login page (without having logged in) for more than 15 mins and then tries to log in, he is redirected to a blue screen/error page which says 'System error, please contact your administrator'.

Error Logs:
Error occurred while handling the request.
Supplemental Detail     java.lang.RuntimeException:   Authentication request Timed out. Eapsed time in min: 79560 at oracle.security.am.controller.BaseRequest.updateObjectWithCachedMap(BaseRequest.java:482)
  
Note:
If the user logs in to the application within 15 mins, the SSO-enabled application honours the timeout values:
Webgate level 'Max Session Time' = 60 mins
OAM Console - Common Settings 'Idle Timeout' = 65 mins

The user has connected to the custom authentication page but has not logged in yet, so there is no user session yet. The user idles for a while, then attempts to log in and gets the error. The 'Idle Timeout' is only applicable to logged-in sessions. The timeout we are hitting is the 'Request Time Out', which is somehow hardcoded by Oracle to 15 mins.

Solution:
This is a pretty weird Oracle bug! The workaround is as follows:

Add a meta tag such as the following one after <head> in the custom login page.
    <meta http-equiv="refresh" content="890; URL=http://host.example.com/public/public.html">
The HTTP mechanism for the meta tag is described at: http://www.w3schools.com/tags/att_meta_http_equiv.asp

The time value of 890 seconds comes from the idle time of 15 minutes set by OAM minus 10 seconds, that is:
         => (15*60 = 900) minus (tolerance time of 10 seconds) = 890
If the user now stays on the custom login page for 890 seconds, the browser will bring him back to a public page as defined by the URL (http://host.example.com/public/public.html).
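
A check for this workaround, as an added example that is not part of the original post: it parses a custom login page, finds the meta refresh and flags a delay later than the 15-minute request timeout minus the 10-second tolerance. The function names and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

REQUEST_TIMEOUT_S = 15 * 60  # OAM request timeout described in the post
TOLERANCE_S = 10             # safety margin used in the post


class RefreshFinder(HTMLParser):
    """Collects the content value of every <meta http-equiv="refresh">."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.values.append(a.get("content", ""))


def parse_refresh(content):
    """Split '890; URL=http://...' into (delay_seconds, url or None)."""
    m = re.match(r"\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*?))?\s*$", content, re.I | re.S)
    if not m:
        return None
    url = (m.group(2) or "").strip("'\" ")
    return int(m.group(1)), (url or None)


def check_login_page(html, timeout_s=REQUEST_TIMEOUT_S, tolerance_s=TOLERANCE_S):
    """Return a list of findings; an empty list means the page passes."""
    finder = RefreshFinder()
    finder.feed(html)
    if not finder.values:
        return ["no meta refresh: an idle user will hit the request timeout"]
    limit, findings = timeout_s - tolerance_s, []
    for content in finder.values:
        parsed = parse_refresh(content)
        if parsed is None:
            findings.append(f"unparseable refresh value {content!r}")
            continue
        delay, url = parsed
        if delay > limit:
            findings.append(f"refresh after {delay}s is later than the {limit}s limit")
        if url is None:
            findings.append("refresh has no target URL (the post redirects to a public page)")
    return findings


# Constructed sample pages (not taken from a real deployment).
GOOD = '<html><head><meta http-equiv="refresh" content="890; URL=http://host.example.com/public/public.html"></head></html>'
LATE = GOOD.replace("890;", "900;")
print(check_login_page(GOOD), check_login_page(LATE))
```

Running it over login page templates at build time catches a page that ships without the tag or with a delay at or beyond the timeout.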


References: Doc Id 1908294.1