Skip to main content

So let’s say that you’re working in an environment that happens to have Oracle Access Manager (OAM) installed twice. Yep, two instances. Why? Most likely because larger corporations and institutions tend to make decisions that have no real thought behind them. Anywho, a problem that will arise is that if you’re using a global cookie with the .domain.com as your suffix, they will conflict and overwrite eachother. This will cause a wonderful behavior of being SSO’d into one system and when you visit the other system it will overwrite the cookie and kill your other session for you. Why? Because OAM uses a cookie name of ObSSOCookie as the default name. By method of standard practice and IT reasoning, your impulse would be to rename one of the cookies so that there are two separate cookies and that they can be used independently. Weeellllll, surprise surprise, you can’t. Oracle Access Manager will NOT allow you to change the name of the cookie. The official response from Oracle on this is that, “it’s a security issue”. I’m calling B.S. and attributing this to the bad practice of hard-coded variables.

So, yeah. If for whatever reason, you want to change the name of the ObSSOCookie that Oracle Access Manager uses for it’s single sign on purposes, you can’t.

On behalf of Oracle / Oblix… sorry =)