The Issue :-
My OIF server is integrated with OAM for authentication. I use a JSP-based form login to collect credentials when a user makes an InitiateSSO call. I started seeing the following errors in the OIF logs. The problem is very reproducible on clustered OAM and OIF servers.
FED-15132: Unknown refID
Cause: User previously accessed the Oracle Identity Federation server with a different host name than the one in the current request and cookies were not transmitted.
Action: Use the same hostname and fully qualified domain URL to access the Oracle Identity Federation
FED-15128: An internal error occurred while processing the credentials
Cause: The authentication engine did not return the required refID parameter.
Action: Check that the authentication flow correctly sent the refID parameter to the Oracle Identity Federation server
What's going on under the hood :-
The OIF server is a J2EE application running on WebLogic Server, which issues a JSESSIONID cookie for its HTTP session. My custom JSP-based form login is another J2EE application, deployed on the OAM server, and it creates its own JSESSIONID when the login page is invoked. To add a pinch of salt to this issue, I am using the same load balancer address (e.g. sso.abc.com) to reach several WebLogic applications. They all try to use the same JSESSIONID cookie, which is issued for domain=sso.abc.com and path=/. A browser keeps only one cookie per name, domain and path, so whichever application sets JSESSIONID last wins and the other application's session ID is silently dropped from the browser. Now my custom form login's session clashes with the OIF session that is created inside OIF after successful authentication: when the login page posts the credentials and refID back to OIF, the browser presents the login application's session ID, OIF cannot find the session that holds the refID, and it logs FED-15132 (or FED-15128 when the refID parameter itself does not arrive).
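To make the clash concrete, here is an added example (not code from the original post, OIF or WebLogic) that simulates the browser's cookie jar and the two server-side session tables. The host name sso.abc.com is the one from the post; the session IDs, refIDs, class names and the FED-15132 outcome mapping are constructed for the simulation. It runs the same four-step flow twice: once with both applications using the default JSESSIONID cookie, once with the login application renamed to MyJSessionId.

```python
"""Simulation of the JSESSIONID clash between OIF and a custom form-login WAR.

Added example, not from the original post. Host name taken from the post;
session IDs, refIDs and the class/function names are made up for illustration.
"""
import secrets
from http.cookies import SimpleCookie

OIF_HOST = "sso.abc.com"  # constructed: one load balancer address for both apps


class CookieJar:
    """Minimal browser cookie jar: one slot per (domain, path, name), as in RFC 6265.

    Two Set-Cookie headers from the same host with the same name and path
    overwrite each other, no matter which web application sent them.
    """

    def __init__(self):
        self._store = {}

    def receive(self, domain, set_cookie_header):
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            path = morsel["path"] or "/"
            self._store[(domain, path, name)] = morsel.value

    def cookies_for(self, domain, path="/"):
        """Cookies the browser would send on a request to domain/path."""
        return {name: value for (d, p, name), value in self._store.items()
                if d == domain and path.startswith(p)}


class OifServer:
    """Stand-in for OIF: the SSO state (refID) lives in the WebLogic HTTP
    session that the JSESSIONID cookie points at."""

    cookie_name = "JSESSIONID"

    def __init__(self):
        self.sessions = {}

    def initiate_sso(self, jar):
        sid = secrets.token_hex(8)
        ref_id = secrets.token_hex(8)
        self.sessions[sid] = {"refID": ref_id}
        jar.receive(OIF_HOST, f"{self.cookie_name}={sid}; Path=/; HttpOnly")
        return ref_id  # handed to the login page as a request parameter

    def authenticate_callback(self, jar, ref_id):
        """Login page posts back; OIF must find the session holding this refID."""
        sid = jar.cookies_for(OIF_HOST).get(self.cookie_name)
        session = self.sessions.get(sid)
        if session is None or session["refID"] != ref_id:
            return "FED-15132: Unknown refID"  # constructed mapping of the failure
        return "OK"


class LoginApp:
    """Stand-in for the custom JSP form-login WAR on the OAM server.
    cookie_name is what <session-descriptor><cookie-name> in weblogic.xml sets."""

    def __init__(self, cookie_name):
        self.cookie_name = cookie_name
        self.sessions = {}

    def show_form(self, jar, ref_id):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"refID": ref_id}
        jar.receive(OIF_HOST, f"{self.cookie_name}={sid}; Path=/; HttpOnly")

    def submit(self, jar):
        sid = jar.cookies_for(OIF_HOST).get(self.cookie_name)
        return self.sessions[sid]["refID"]


def run_sso(login_cookie_name):
    """Run InitiateSSO -> form login -> callback and return OIF's verdict."""
    jar = CookieJar()
    oif = OifServer()
    login = LoginApp(login_cookie_name)
    ref_id = oif.initiate_sso(jar)      # 1. SP starts SSO, OIF session created
    login.show_form(jar, ref_id)        # 2. login page shown, login session created
    returned_ref = login.submit(jar)    # 3. credentials posted, refID sent back
    return oif.authenticate_callback(jar, returned_ref)  # 4. OIF looks up its session


if __name__ == "__main__":
    print("both apps on JSESSIONID :", run_sso("JSESSIONID"))
    print("login app on MyJSessionId:", run_sso("MyJSessionId"))
```

With the default name the login application's Set-Cookie replaces OIF's entry in the jar, so step 4 arrives with the wrong session ID and fails; with a distinct name both cookies coexist and OIF finds its refID.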
Solution :-
You may have already guessed it. Open the weblogic.xml file of your custom login form WAR and add the following.
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor>
    <cookie-name>MyJSessionId</cookie-name>
  </session-descriptor>
</weblogic-web-app>
Basically, you are instructing WebLogic Server to issue a differently named session cookie (MyJSessionId) for your form login, so it no longer overwrites OIF's JSESSIONID. If the login WAR has its own context root, the standard <cookie-path> element of the same session-descriptor would also keep the two cookies apart, but a distinct name is the simpler choice when several applications share one host name. The same clash will hit any other WebLogic application reached through sso.abc.com with the default cookie name, so check every WAR behind that address.