OAM WebGate not intercepting requests: Troubleshooting Tips

Hi all,

Today, I have faced a common error where WebGate installed on OHS 11g is not intercepting the HTTP requests and thought its worth sharing. So, I would like to write the root cause of our issue and other points for troubleshooting.

The background of this is there is a custom portal application deployed in a webserver at backend. We are using OHS 11g as front end for proxying all the backend servers. Hence, we have installed a OHS 11g WebGate on proxy server.

This is followed by creating a Policy domain for protecting resources and assigning Authentication Scheme etc.,

When we test a specific page which is protected in Policy Domain using Access Tester, it gives expected behaviour.  When we test the same in browser accessing the protected resource, it is displayed without OAM WebGate intercepting the request.

There are different points to be followed to troubleshoot this.

  1. Need to check the time sync between WebGate and Access Server machines.
  2. Try to ping the Access Server port from WebGate machine to check whether the port is port in Firewall or not.
  3. We have to ensure that we are using the right Host Identifiers which is configured in Access System Console. Needs to add all possible hostnames, domain name and ip address with port numbers. To elaborate, the Preferred HTTP Host identifier mentioned in the WebGate profile should be available in the Host Identifiers defined in the Access Console exactly. For instance, even if your webserver is running on 80 port, you should mention the preferred http host identifier in WebGate profile as WebServerHost:80 and the same combination should be available in Host Identifiers of Access Console.
  4. Needs to check the WebGate profiles for WebGate Hostname, Preferred Host Identifiers which should be webgate_webserver_hostname:port*****. This is really important which is the root cause in our case.
  5. Also, if we are installing the webgate on proxy server, it is good to make IP validation field as No since the proxy server does not show the actual IP.
  6. If you had specified wrong details in WebGate profile, then it will prompt when you enter the WebGate and Access Server details while  installing the WebGate.
  7. After the webgate is installed, ensure to check whether the webgate is installed properly by accessing the following URL.
  8. http://webgate_webserver_hostname:port/access/oblix/apps/webgate/bin/webgate.cgi?progid=1

Just in case if you feel I have missed any other points, please let me know.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

10 comments
Add Your Reply