Obrareq query string integrity check failed: OAM 11g
NIrving Aug 8 2011 — edited Aug 9 2011
Morning,
I have been trying to work out what is wrong with my Webgate and OAM 11.1.1.3.0 install.
If I go to https://somehost.com/index.html I get redirected to the Login Page for OAM.
However, if I go to https://somehost.com/index.html?query=1+1 I get the Action Failed page and the following in the log:
<Aug 9, 2011 9:53:13 AM EST> <Error> <oracle.oam.proxy.oam> <BEA-000000> <Query Validate Hash and generated validate hash do not match. Created VHash d7cVRmwz96t9bpcPf7j7/w== Query VHash 7W9ikVHlLklwtqkPgpDl+g==>
<Aug 9, 2011 9:53:13 AM EST> <Error> <oracle.oam.proxy.oam> <BEA-000000> <Obrareq query string integrity check failed>
<Aug 9, 2011 9:53:13 AM EST> <Error> <oracle.oam.binding> <OAM-00002> <Error occurred while handling the request.
java.lang.RuntimeException: Obrareq query string integrity check failed
at oracle.security.am.proxy.oam.pbl.plugin.OAMProxyEngine.handleOAMLoginRequest(OAMProxyEngine.java:254)
It would appear that there is an issue with it accepting query strings that have been URL-encoded.
I have tried to find documentation on this issue but it seems very thin on the ground.
Using Windows 2008R2 64 bit as the OS.
NIrving
Edit:
Okay found out what is happening, but not sure how to fix it.
oracle.security.am.common.nap.util.encryptor.CookieEncryptor has a method createValidationHash which takes as input the following
xxxxxxxxxxxxxxxxxxxxxxx==somehost.com/index.html?query=1 11https://somehost.com/index.htmlquery=1+1xxxxxxxxxxxxxxxxxxxxxxxx==
which generates
d7cVRmwz96t9bpcPf7j7/w==
If I change the string to
xxxxxxxxxxxxxxxxxxxxxxx==somehost.com/index.html?query=1+11https://somehost.com/index.htmlquery=1+1xxxxxxxxxxxxxxxxxxxxxxxx==
it generates
7W9ikVHlLklwtqkPgpDl+g==
There is a + added.
So it looks like the WebGate plugin generates the validation hash correctly, but OAM messes it up.
Edited by: 878101 on 08-Aug-2011 20:32
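The mismatch described in the post, as an added diagnostic sketch that is not part of the original post and not Oracle's code: it hashes the resource string once as sent and once after each common URL-decoding step, and reports which step reproduces the receiving side's hash. Assumptions: `validation_hash` is a hypothetical stand-in (SHA-256 plus base64, since the real digest behind `createValidationHash` is not documented on the page), the field layout is copied from the string shown in the post, and `SECRET` is a constructed placeholder for the masked `xxxx...==` value.

```python
import base64
import hashlib
from urllib.parse import unquote, unquote_plus

# Constructed placeholder: the post masks the real surrounding value as "xxxx...==".
SECRET = "CONSTRUCTED-PLACEHOLDER=="
URL = "https://somehost.com/index.html"
QUERY = "query=1+1"

# Candidate transforms a receiver might apply to the resource before hashing.
TRANSFORMS = {
    "raw (no decoding)": lambda s: s,
    "percent-decoding only": unquote,
    "form decoding ('+' becomes space)": unquote_plus,
}

def validation_hash(resource: str) -> str:
    """Hypothetical stand-in for createValidationHash (real digest unknown)."""
    # Field layout copied from the input string shown in the post.
    material = f"{SECRET}{resource}1{URL}{QUERY}{SECRET}"
    return base64.b64encode(hashlib.sha256(material.encode()).digest()).decode()

def explain_mismatch(sent_resource: str, receiver_hash: str) -> list[str]:
    """Names of the transforms that reproduce the receiver's hash."""
    return [name for name, fn in TRANSFORMS.items()
            if validation_hash(fn(sent_resource)) == receiver_hash]

def first_difference(a: str, b: str) -> int:
    """Index of the first differing character, or -1 if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))

if __name__ == "__main__":
    sent = "somehost.com/index.html?query=1+1"   # resource as hashed by the sender
    decoded = unquote_plus(sent)                  # resource as hashed by the receiver
    print("sender hash  :", validation_hash(sent))
    print("receiver hash:", validation_hash(decoded))
    print("explained by :", explain_mismatch(sent, validation_hash(decoded)))
    print("first differing index:", first_difference(sent, decoded))
```

Any integrity check of this kind only holds if both ends hash the same canonical form of the URL, so the practical comparison is between the exact bytes each side feeds to the hash, not the hashes themselves.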