
OAM uses wrong URL as origin

JRevyakin Dec 12 2017 — edited Dec 21 2017

Hi everyone,

My current task is to activate an LB in front of the WEB-server (OHS) with Webgate to provide Windows authentication by OAM for OIM. My current setup with the WEB-server as the WEB-front works fine. All redirections work correctly. When I move the configuration to the LB (I use another instance of OHS for testing purposes), I get an incorrect origin URL: when authentication is successfully done, the solution redirects to the WEB-server URL instead of the LB URL.

My LB URL is https://webtst-00-01.oshbtst.local:4445/.

The WEB-server URL is https://webtst-00-01.oshbtst.local:4443/ (another port number).

Below you can see that the host in the WLLogFile is parsed as "Header from client:[Host]=[webtst-00-01.oshbtst.local:4443]".

Starting from this point, all communication with WebLogic uses the wrong origin URL, and in the end I get a redirection to https://webtst-00-01.oshbtst.local:4443.

2017-12-12T16:08:03.1786+02:00 <33215130876831> ================New Request: [GET /identity/ HTTP/1.1] =================

2017-12-12T16:08:03.1786+02:00 <33215130876831> INFO: SSL is configured

2017-12-12T16:08:03.1786+02:00 <33215130876831> Using Uri /identity/

2017-12-12T16:08:03.1786+02:00 <33215130876831> After trimming path: '/identity/'

2017-12-12T16:08:03.1786+02:00 <33215130876831> The final request string is '/identity/'

2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: Socket Address hostnames 'oimtst-00-01.oshbtst.local:14001'

2017-12-12T16:08:03.1786+02:00 <33215130876831> Host extracted from serverlist is [oimtst-00-01.oshbtst.local]

2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: trying IP addr 10.7.27.161

2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList: socket and connect succeeded

2017-12-12T16:08:03.1786+02:00 <33215130876831> parseServerList:  IP from socket Address [10.7.27.161]

2017-12-12T16:08:03.1786+02:00 <33215130876831> Initializing lastIndex=0 for a list of length=1

2017-12-12T16:08:03.1786+02:00 <33215130876831> getListNode: created a new server node: id='oimtst-00-01.oshbtst.local:14001' server_name='WEBTST-00-01.OSHBTST.local', port='4443'

2017-12-12T16:08:03.1786+02:00 <33215130876831> getPreferred: availcookie=[OAMAuthnHintCookie=0@1513087654; ROUTEID=.2; OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~

zdFFQHab+extc2R53thYcA==~SxPtS6WxkDApjN5fmLKcSL30zh7t13vM9BZrdP0a4/qbH+eV68QpQwlqnDM7oYt1Hr9MhtLQTuMMqYt8EAT+mmVJVAuOTSPs+mCdnV+QfUWmlH0JeWSPnysHNnulMBThrlUpVVkk1bkvHJlsUhR6/tVCFVuF7y

rBl0Cl/ihWACXhst9n27dsQqadWax+bDVQqN7NfGm5OPFKm2f36lvp9sp6wV1dQWNjS6P2viGH/3Ob55gNMcd9c9//euNXJZo+ir5VAbF3ZCCUcYAbpe+eqxY7fyENPj5ycgF6e6ewRmCSdtsktzF4W0o67UCRA34YtKtUXTpcB+YwxjJjEam62

g==]

2017-12-12T16:08:03.1786+02:00 <33215130876831> attempt #0 out of a max of 5

2017-12-12T16:08:03.1786+02:00 <33215130876831> keepAlive = 1, canRecycle = 1

2017-12-12T16:08:03.1786+02:00 <33215130876831> Trying a pooled connection for '10.7.27.161/14001/14001'

2017-12-12T16:08:03.1786+02:00 <33215130876831> getPooledConn: found a host and port/securePort match

2017-12-12T16:08:03.1786+02:00 <33215130876831> getPooledConn: No more connections in the pool for Host[10.7.27.161] Port[14001] SecurePort[14001]

2017-12-12T16:08:03.1786+02:00 <33215130876831> general list: trying connect to '10.7.27.161'/14001/14001 at line 2462 for '/identity/'

2017-12-12T16:08:03.1786+02:00 <33215130876831> URL::Connect: Connected successfully

2017-12-12T16:08:03.2099+02:00 <33215130876831> Local Port of the socket is 58220

2017-12-12T16:08:03.2099+02:00 <33215130876831> Remote Host 10.7.27.161 Remote Port 58220

2017-12-12T16:08:03.2099+02:00 <33215130876831> general list: created a new connection to '10.7.27.161'/14001 for '/identity/', Local port:58220

2017-12-12T16:08:03.2099+02:00 <33215130876831> Entering method BaseProxy::sendRequest

2017-12-12T16:08:03.2099+02:00 <33215130876831> Entering method BaseProxy::parse_headers

2017-12-12T16:08:03.2099+02:00 <33215130876831> No of headers =13

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept]=[text/html, application/xhtml+xml, */*]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept-Language]=[en-US]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[User-Agent]=[Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept-Encoding]=[gzip, deflate]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Host]=[webtst-00-01.oshbtst.local:4443]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Connection]=[Keep-Alive]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Cookie]=[OAMAuthnHintCookie=0@1513087654; ROUTEID=.2; OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_

4~zdFFQHab+extc2R53thYcA==~SxPtS6WxkDApjN5fmLKcSL30zh7t13vM9BZrdP0a4/qbH+eV68QpQwlqnDM7oYt1Hr9MhtLQTuMMqYt8EAT+mmVJVAuOTSPs+mCdnV+QfUWmlH0JeWSPnysHNnulMBThrlUpVVkk1bkvHJlsUhR6/tVCFVuF

7yrBl0Cl/ihWACXhst9n27dsQqadWax+bDVQqN7NfGm5OPFKm2f36lvp9sp6wV1dQWNjS6P2viGH/3Ob55gNMcd9c9//euNXJZo+ir5VAbF3ZCCUcYAbpe+eqxY7fyENPj5ycgF6e6ewRmCSdtsktzF4W0o67UCRA34YtKtUXTpcB+YwxjJjEam

62g==]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_IMPERSONATOR_USER]=[]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_REMOTE_USER]=[IIVANOV]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_LAST_REAUTHENTICATION_TIME]=[Tue Dec 12 16:07:51 EET 2017]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[OAM_IDENTITY_DOMAIN]=[IDSPROFILE-OVD_profi]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[authenticatedState]=[OU4ySDkydUduOFdNN2g5ZXNYSEtLNDliLzVoMFVVbitvUk5XMDhIZktZM1FkVlJrQjNzTWt6NkphaURYQ1cyRDFhbnora1

MzRU5yMnMrM2N4eWtkajV5U3VnY01JVHFFRjdxWnc4MktQOWFBUmMwak9FZlJuMmZjTk4vMkU5RTVlSjJIVlA0aGZyNDBCMlpoNldZeHVSNmIzTGRqMDdzdWkzbHZ2NnhhRnVVTlZOdnBrZjk5ZGN1UmZFWXE3TisvdGtwSk9SVWt4MURDb1pWb

VhEeW9CQ0lGN2ZvKyt0cWNYMEpjU3NxNjJUZk40TWJSelZrcDVkSTlCMEZvZXZPQ2kySFhZV0MxcGNXbkd1dXVvZW9uYVN1VENDWHd6N3E3QXM4YUc0ZXdneWlKSEdtQll1RnpqRkIvYTIxMDIvUDlpbkVkYTN2dkJXd2JuSWhRNFo1YW4xdzdQ

ZzJBNExGUUJSSnFtMHV2WnZ5VWdyWFZTNHRFOWZ3dVRKYmJ4bTVYSEtiTi9BPQ==]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[ECID-Context]=[1.00ijfhqN^FVFw00Fzzw0w000005C00000C;k^jE]

2017-12-12T16:08:03.2099+02:00 <33215130876831> Exiting method BaseProxy::parse_headers

2017-12-12T16:08:03.2099+02:00 <33215130876831> parse_client_headers is done

2017-12-12T16:08:03.2099+02:00 <33215130876831> Method is GET

My LB config

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
Header add IS_SSL "ssl"
Header add WL-Proxy-SSL "true"
<Proxy "balancer://mycluster">
    BalancerMember "https://webtst-00-01.oshbtst.local:4443/identity" route=2
    ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass "/identity" "balancer://mycluster"
ProxyPassReverse "/identity" "balancer://mycluster"

My plugin config

<Location /identity>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster oimtst-00-01.oshbtst.local:14001
    SecureProxy ON
    WLSSLWallet "D:/Oracle/wallet"
    Debug ALL
    WLLogFile "D:/Oracle/instances/WEB_HOST1/diagnostics/logs/OHS/oim_component.log"
    #WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>

Could you clarify for me what is happening?

Locked on Jan 18 2018
Added on Dec 12 2017
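
An added example, not part of the original post: a Python check that reads plug-in debug lines in the WLLogFile format shown above and reports every request whose Host header differs from the expected front-end authority. The sample lines are constructed from that format (the second request and the shortened cookie value are made up), and `authority` and `host_mismatches` are hypothetical helper names.

```python
import re

# Constructed sample in the WLLogFile debug format from the post. The second
# request and the wrapped cookie value are made up for illustration.
SAMPLE_LOG = """\
2017-12-12T16:08:03.1786+02:00 <33215130876831> ================New Request: [GET /identity/ HTTP/1.1] =================
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Accept-Language]=[en-US]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Host]=[webtst-00-01.oshbtst.local:4443]
2017-12-12T16:08:03.2099+02:00 <33215130876831> Header from client:[Cookie]=[ROUTEID=.2; OAM_ID=VERSION_
4~CONSTRUCTED-PLACEHOLDER==]
2017-12-12T16:08:04.0000+02:00 <33215130876832> ================New Request: [GET /identity/faces/home HTTP/1.1] =================
2017-12-12T16:08:04.0000+02:00 <33215130876832> Header from client:[Host]=[webtst-00-01.oshbtst.local:4445]
"""

LINE = re.compile(r"^(?P<ts>\S+)\s+<(?P<req>\d+)>\s+(?P<msg>.*)$")
NEW_REQ = re.compile(r"New Request: \[(?P<method>\S+) (?P<uri>\S+) [^\]]*\]")
HEADER = re.compile(r"Header from client:\[(?P<name>[^\]]+)\]=\[(?P<value>.*)\]$")

def authority(value, default_port=443):
    """Return (lower-cased host, port) so Host values compare reliably."""
    value = value.strip().lower()
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        return value, default_port      # no explicit port in the header
    return host, int(port)

def host_mismatches(log_text, expected):
    """List requests whose logged Host header is not the expected authority."""
    want = authority(expected)
    uris, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue                    # wrapped continuation line, no prefix
        req, msg = m["req"], m["msg"]
        new = NEW_REQ.search(msg)
        if new:
            uris[req] = new["uri"]      # remember the URI for this id
            continue
        hdr = HEADER.match(msg)
        if hdr and hdr["name"].lower() == "host" and authority(hdr["value"]) != want:
            findings.append({"request": req, "uri": uris.get(req, "?"),
                             "host": hdr["value"], "expected": expected})
    return findings

if __name__ == "__main__":
    for f in host_mismatches(SAMPLE_LOG, "webtst-00-01.oshbtst.local:4445"):
        print(f"{f['request']} {f['uri']}: Host={f['host']} expected={f['expected']}")
```

Run it over the real log with the LB authority from the post (`webtst-00-01.oshbtst.local:4445`) as `expected`; bracketed IPv6 hosts are not handled.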