  • Session Management in #OAM 11g : SME , Idle Timeout, Session Lifetime

    Posted by "" in "oam, Session" on 2010-09-23

    This post covers key points related to the Session Manager in Oracle Access Manager (OAM) 11g. For step-by-step installation of OAM 11g, click here.

    OAM – Oracle Access Manager (Web Access Management and Web SSO solution from Oracle)
    SME – Session Management Engine (component of OAM)


    Key Points for Session Management in OAM 11g

    1. OAM 10g was a stateless application, whereas in OAM 11g the user session is stateful (for the list of differences between OAM 10g & 11g, click here).

    2. In OAM 11g, user session data is stateful and is stored in the following places:
    a) Local in-memory cache of each Managed Server on which OAM is running (oam_server1 on port 14100)
    b) Distributed in-memory cache shared by all Managed Servers on which OAM is running (for OAM 11g deployment in a cluster), using Coherence
    c) Optionally in the database (under schema [prefix]_OAM created using RCU). To know more about RCU, click here.

    3. At install time (while running config.sh to create the WebLogic domain), you select “Oracle Access Manager with Database Policy Store”, which configures both the Policy Store and the Session Store in the database.

    4. In OAM 11g (by default), policy data and user session data are stored in a single database (details under $DOMAIN_HOME/config/jdbc/oam-db-jdbc.xml) under one schema; however, it is possible to configure OAM policy data in one database and user session data in another.

    5. To configure user session data in a different database, check the steps here.
     This is done by editing the datasource jdbc/oamds under SmeDb in $DOMAIN_HOME/config/fmwconfig/oam-config.xml


    6. The default user session datastore used by OAM is the oamDS JDBC datastore.

    7. There are three settings which determine the user session lifecycle – Session Lifetime, Idle Timeout, Maximum Number of Sessions per User

    These settings can be configured via http://serverName:port/oamconsole (Where Port is Admin Server Port – default 7001) -> System Configuration -> Server Instances -> Session

    a) Session Lifetime : 480 minutes – the user session will expire after this period (even an active user session)
    b) Idle Timeout : 15 minutes – any user session that has been idle for 15 minutes will expire
    c) Maximum Number of Sessions per User : 8 – a user can have multiple sessions in OAM 11g
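
The interplay of the three settings above, as an added Python model (not OAM code or an OAM API, and not part of the original post). `Session`, `expiry_reason`, `touch`, `can_create` and `simulate_active_user` are hypothetical names, and treating a session as expired exactly at the limit is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Default values quoted in the post; everything else here is illustrative.
SESSION_LIFETIME = timedelta(minutes=480)
IDLE_TIMEOUT = timedelta(minutes=15)
MAX_SESSIONS_PER_USER = 8

@dataclass
class Session:
    user: str
    created: datetime
    last_access: datetime

def expiry_reason(s, now):
    """Return 'lifetime', 'idle' or None for a session that is still valid."""
    if now - s.created >= SESSION_LIFETIME:
        return "lifetime"  # absolute cap: applies even to an active session
    if now - s.last_access >= IDLE_TIMEOUT:
        return "idle"
    return None

def touch(s, now):
    """Record activity; never revives a session that has already expired."""
    if expiry_reason(s, now) is not None:
        return False
    s.last_access = now
    return True

def can_create(store, user, now):
    """Count only live sessions against the per-user cap. What the server
    does once the cap is reached is not stated in the post, so it is not modelled."""
    live = [s for s in store if s.user == user and expiry_reason(s, now) is None]
    return len(live) < MAX_SESSIONS_PER_USER

def simulate_active_user(step_minutes):
    """A user clicks every step_minutes from login. Returns (minute of the
    last accepted request, reason the next request was rejected)."""
    t0 = datetime(2010, 9, 23, 9, 0)  # constructed timestamp
    s, now, step = Session("alice", t0, t0), t0, timedelta(minutes=step_minutes)
    while touch(s, now + step):
        now += step
    return (now - t0) // timedelta(minutes=1), expiry_reason(s, now + step)

if __name__ == "__main__":
    print(simulate_active_user(10))  # active user still hits the lifetime cap
    print(simulate_active_user(20))  # gaps longer than the idle timeout
```
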


    8. An administrator can manage active user sessions (Find & Delete) from the OAM Console http://serverName:port/oamconsole (where Port is the Admin Server port – default 7001) -> System Configuration -> System Utilities -> Session Management

    9. User session is stored in database (if configured) under tables : OAM_SESSION, OAM_SESSION_ATTRIBUTE

    7 Responses to “Session Management in #OAM 11g : SME , Idle Timeout, Session Lifetime”

    1. Mahendra says:

      Nice one, Atul.

    2. Pal says:

      Nice article Atul. Quick question on this topic.
      If the OAM server goes down periodically or showing access error, do you think that the session lifetime, idle timeout and number of sessions per user- parameters can be the cause. After restarting the oam server the error goes away. Any thoughts on this?

      Thanks.

    3. Deepa says:

      Thank you Atul for your very useful blogs .. which helps immensely as a quick reference guide in configuring Oracle products.

      Have a doubt about “Maximum Number of Sessions per User” setting in OAM 11g.
      If I set this to “1”, will it:
      A) prevent User to login more than once concurrently
      OR
      B) terminate the previous session & consider the latest session in case of concurrent logins

      I need it to work as given in B). Is there any way I can do it?

      Thanks again

    4. Antony says:

      I am having a requirement in Session Management. I am having custom login page in .net. After successful authentication user will be validated for OTP which is a JSP page whether user is single factor or 2 factor. Which is protected by OAM. Before validating OTP for user I need to write a code to verify: 1.If user session already exists or not? 2.a) If session exists, user should get a page with options of, to continue with old session or new session. I. If user clicks on old session, then user will be logged out from current session and can continue old session. II. If user clicks on new session, then user old session will be terminated and continues with new session. b) If user session not exists, then user will log into App after validating otp. Can someone please give me an idea Thanks in Advance.

    5. Antony says:

      Hi Atul,

      We had developed OTP plug-in already. We want to use the new code before OTP validation.

    6. Antony says:

      I have a requirement:
      If an attempt is made to initiate another session (either through another browser on the same device or on a new device) when an authenticated session is active, the integrity of the initial session must be maintained and the new attempt should be denied.

      May I know if there is any solution for the requirement.

      Note: I am using OAM 11.1.1.5.3

      Thanks
