After a full day of work some people working late started losing their session and were unable to log back on.
This applies to OAM 126.96.36.199.0 and later and the basic configuration was as follows:
Nothing out of the ordinary as you can see. The expected session lifetime is set to 12 hours (720 minutes) and idle timeout is set to 1 hour.
After a lot of digging, checking timeout values on the webgate, http server, load balancer and whatnot, it turned out that there is an undocumented setting in oam-config.xml called CredentialValidityInterval which defaults to 480 minutes (8 hours). After 8 hours users will hit this setting and lose session and the ability to log back in for another 4 hours.
The solution is simple, just edit the value of CredentialValidityInterval and increase it from 480 M to 720 M . Please remember to update the Version element of oam-config.xml or your changes will be ignored.
<Setting Name="SessionConfigurations" Type="htf:map"> ... <!-- Change this from 480 M to 720 M --> <Setting Name="CredentialValidityInterval" Type="htf:timeInterval">720 M</Setting> ... </Setting>
This finding has been documented at Oracle Support: