Showing posts with label 10g webgate. Show all posts
Showing posts with label 10g webgate. Show all posts

Friday, 18 January 2019

Error: The authentication scheme protecting the resource sets 'Secure' OAMAuthnCookie/ObSSOCookie, but the resource is not being accessed via secure http

Error Statement:

If the authentication scheme is configured to set "Secure" OAMAuthnCookie/ObSSOCookie and the user is accessing an insecure resource, the browser may enter an authentication browser loop. Show an error i.e.:

"The authentication scheme protecting the resource sets 'Secure' OAMAuthnCookie/ObSSOCookie, but the resource is not being accessed via secure http."


Workaround:

In authentication scheme, remove the following parameter & save the changes;

Syntax for 11g Webgate and OAMAuthnCookieSyntax for 10g Webgate and ObSSOCookie
ssoCookie=Secure
ssoCookie:Secure

Make sure changes are applied properly, as in the policy sync-up at OAM server happens successfully. 
You may restart the server instance (ohs/apache/iis etc) or you can wait for webgate cache clean. Try accessing the protected resource once again, you should be prompted for login.

Resolution:

Recheck you SSL settings at WebServer end.

References:



Enjoy :-)