Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

OAM use wrong URL as origin

JRevyakinDec 12 2017 — edited Dec 21 2017

Hi everyone,

My current task is activate LB in front of WEB-server (OHS) with Webgate to provide Windows-authentication by OAM for OIM. My current setup with WEB-server as WEB-front works fine. All redirection work correctly. When I move configuration to LB (I use another instance of OHS for testing purpose) I have behavior with incorrect origin URL - when authentication is successfully done the solution redirect to WEB-server URL instead of LB URL.

My LB URL is https://webtst-00-01.oshbtst.local:4445/.

WEB-server URL is https://webtst-00-01.oshbtst.local:4443/ (another port number)

Below you can see that host in WLLogFile parsed as "Header from client:[Host]=[webtst-00-01.oshbtst.local:4443]".

Starting from this point all communication with Weblogic uses wrong origin URL and in the end I have redirection to https://webtst-00-01.oshbtst.local:4443.

2017-12-12T16:08:03.1786+02:00 <33215130876831> ================New Request: [GET /identity/ HTTP/1.1] =================
2017-12-12T16:08:03.1786+02:00 <33215130876831> INFO: SSL is configured
2017-12-12T16:08:03.1786+02:00 <33215130876831> Using Uri /identity/
2017-12-12T16:08:03.1786+02:00 <33215130876831> After trimming path: '/identity/'
2017-12-12T16:08:03.1786+02:00 <33215130876831> The final request string is '/identity/'
2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: Socket Address hostnames 'oimtst-00-01.oshbtst.local:14001'
2017-12-12T16:08:03.1786+02:00 <33215130876831> Host extracted from serverlist is [oimtst-00-01.oshbtst.local]
2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: trying IP addr 10.7.27.161
2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: socket and connect succeeded
2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList:  IP from socket Address [10.7.27.161]
2017-12-12T16:08:03.1786+02:00 <33215130876831> Initializing lastIndex=0 for a list of length=1
2017-12-12T16:08:03.1786+02:00 <33215130876831> getListNode: created a new server node: id='oimtst-00-01.oshbtst.local:14001' server_name='WEBTST-00-01.OSHBTST.local', port='4443'
2017-12-12T16:08:03.1786+02:00 <33215130876831> getPreferred: availcookie=[OAMAuthnHintCookie=0@1513087654; ROUTEID=.2; OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~
zdFFQHab+extc2R53thYcA==~SxPtS6WxkDApjN5fmLKcSL30zh7t13vM9BZrdP0a4/qbH+eV68QpQwlqnDM7oYt1Hr9MhtLQTuMMqYt8EAT+mmVJVAuOTSPs+mCdnV+QfUWmlH0JeWSPnysHNnulMBThrlUpVVkk1bkvHJlsUhR6/tVCFVuF7y
rBl0Cl/ihWACXhst9n27dsQqadWax+bDVQqN7NfGm5OPFKm2f36lvp9sp6wV1dQWNjS6P2viGH/3Ob55gNMcd9c9//euNXJZo+ir5VAbF3ZCCUcYAbpe+eqxY7fyENPj5ycgF6e6ewRmCSdtsktzF4W0o67UCRA34YtKtUXTpcB+YwxjJjEam62
g==]
2017-12-12T16:08:03.1786+02:00 <33215130876831> attempt #0 out of a max of 5
2017-12-12T16:08:03.1786+02:00 <33215130876831> keepAlive = 1, canRecycle = 1
2017-12-12T16:08:03.1786+02:00 <33215130876831> Trying a pooled connection for '10.7.27.161/14001/14001'
2017-12-12T16:08:03.1786+02:00 <33215130876831> getPooledConn: found a host and port/securePort match
2017-12-12T16:08:03.1786+02:00 <33215130876831> getPooledConn: No more connections in the pool for Host[10.7.27.161] Port[14001] SecurePort[14001]
2017-12-12T16:08:03.1786+02:00 <33215130876831> general list: trying connect to '10.7.27.161'/14001/14001 at line 2462 for '/identity/'
2017-12-12T16:08:03.1786+02:00 <33215130876831> URL::Connect: Connected successfully
2017-12-12T16:08:03.2099+02:00 <33215130876831> Local Port of the socket is 58220
2017-12-12T16:08:03.2099+02:00 <33215130876831> Remote Host 10.7.27.161 Remote Port 58220
2017-12-12T16:08:03.2099+02:00 <33215130876831> general list: created a new connection to '10.7.27.161'/14001 for '/identity/', Local port:58220
2017-12-12T16:08:03.2099+02:00 <33215130876831> Entering method BaseProxy::sendRequest
2017-12-12T16:08:03.2099+02:00 <33215130876831> Entering method BaseProxy::parse_headers
2017-12-12T16:08:03.2099+02:00 <33215130876831> No of headers =13
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept]=[text/html, application/xhtml+xml, */*]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept-Language]=[en-US]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[User-Agent]=[Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept-Encoding]=[gzip, deflate]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Host]=[webtst-00-01.oshbtst.local:4443]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Connection]=[Keep-Alive]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Cookie]=[OAMAuthnHintCookie=0@1513087654; ROUTEID=.2; OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_
4~zdFFQHab+extc2R53thYcA==~SxPtS6WxkDApjN5fmLKcSL30zh7t13vM9BZrdP0a4/qbH+eV68QpQwlqnDM7oYt1Hr9MhtLQTuMMqYt8EAT+mmVJVAuOTSPs+mCdnV+QfUWmlH0JeWSPnysHNnulMBThrlUpVVkk1bkvHJlsUhR6/tVCFVuF
7yrBl0Cl/ihWACXhst9n27dsQqadWax+bDVQqN7NfGm5OPFKm2f36lvp9sp6wV1dQWNjS6P2viGH/3Ob55gNMcd9c9//euNXJZo+ir5VAbF3ZCCUcYAbpe+eqxY7fyENPj5ycgF6e6ewRmCSdtsktzF4W0o67UCRA34YtKtUXTpcB+YwxjJjEam
62g==]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_IMPERSONATOR_USER]=[]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_REMOTE_USER]=[IIVANOV]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_LAST_REAUTHENTICATION_TIME]=[Tue Dec 12 16:07:51 EET 2017]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_IDENTITY_DOMAIN]=[IDSPROFILE-OVD_profi]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[authenticatedState]=[OU4ySDkydUduOFdNN2g5ZXNYSEtLNDliLzVoMFVVbitvUk5XMDhIZktZM1FkVlJrQjNzTWt6NkphaURYQ1cyRDFhbnora1
MzRU5yMnMrM2N4eWtkajV5U3VnY01JVHFFRjdxWnc4MktQOWFBUmMwak9FZlJuMmZjTk4vMkU5RTVlSjJIVlA0aGZyNDBCMlpoNldZeHVSNmIzTGRqMDdzdWkzbHZ2NnhhRnVVTlZOdnBrZjk5ZGN1UmZFWXE3TisvdGtwSk9SVWt4MURDb1pWb
VhEeW9CQ0lGN2ZvKyt0cWNYMEpjU3NxNjJUZk40TWJSelZrcDVkSTlCMEZvZXZPQ2kySFhZV0MxcGNXbkd1dXVvZW9uYVN1VENDWHd6N3E3QXM4YUc0ZXdneWlKSEdtQll1RnpqRkIvYTIxMDIvUDlpbkVkYTN2dkJXd2JuSWhRNFo1YW4xdzdQ
ZzJBNExGUUJSSnFtMHV2WnZ5VWdyWFZTNHRFOWZ3dVRKYmJ4bTVYSEtiTi9BPQ==]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[ECID-Context]=[1.00ijfhqN^FVFw00Fzzw0w000005C00000C;k^jE]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Exiting method BaseProxy::parse_headers
2017-12-12T16:08:03.2099+02:00 <33215130876831> parse_client_headers is done
2017-12-12T16:08:03.2099+02:00 <33215130876831> Method is GET

My LB config

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
Header add IS_SSL "ssl"
Header add WL-Proxy-SSL "true"
<Proxy "balancer://mycluster">
    BalancerMember "https://webtst-00-01.oshbtst.local:4443/identity" route=2
    ProxySet stickysession=ROUTEID
  </Proxy>
ProxyPass "/identity" "balancer://mycluster"
ProxyPassReverse "/identity" "balancer://mycluster"

My plugin config

<Location /identity>
     SetHandler weblogic-handler
     WLCookieName oimjsessionid
     WebLogicCluster oimtst-00-01.oshbtst.local:14001
     SecureProxy ON
     WLSSLWallet "D:/Oracle/wallet"
     Debug ALL
     WLLogFile "D:/Oracle/instances/WEB_HOST1/diagnostics/logs/OHS/oim_component.log"
#WLProxySSL ON
     WLProxySSLPassThrough ON
</Location>

Could you clarify me what happens?
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jan 18 2018
Added on Dec 12 2017
#identity-management, #identity-manager, #oam
5 comments
570 views