“Internet Explorer Cannot Download” Error Message When Opening UCM Content (doc/rtf/xls/ppt) files in IE
Issue- When opening Microsoft office files (rtf/xls etc) from UCM content server (Integrated with OAM for SSO) users were getting below error:-
“Internet Explorer cannot download <xxxx.doc> from<server>Internet Explorere was not able to open this Internet Site.The requested site is either unavailable or cannot be found.Please try again later”
Works Fine for browsers like firefox ,chrome etc
In order for Internet Explorer to open documents in Office (or any out-of-process, ActiveX document server), Internet Explorer must save the file to the local cache directory and ask the associated application (MS Word / MS Excel) to load the file.
On tracing the HTTP headers response, It was found that below cache directives were being set:-
HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
Content-Length: 27648
X-ORACLE-DMS-ECID: 004hS^Twn_k5qYD_z9DCiW00015y000FKA
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/ms-excel
Content-Language: en
Due to the no-cache directives in the HTTP response header, the file is never stored to disk and the operation fails / file cannot be opened.
Next step was to cross check the issue on environment which was not SSO and the files were opening fine ,which clears that these cache directives were being set during SSO phase.
On checking the $DOMAIN_HOME/config/fmwconfig/oam-config.xml on oam server for the agent (webgate) registered for this UCM application, It was found below directives were set as:-
</Setting>
<Setting Name=”testucm_Agent” Type=”htf:map”>
<Setting Name=”cacheControlHeader” Type=”xsd:string”>no-cache</Setting>
<Setting Name=”cachePragmaHeader” Type=”xsd:string”>no-cache</Setting>
This clears, the issue is caused by the cache settings in Oracle Access Manager (OAM) WebGate.
By default, when you provision a webgate agent in OAM, the CachePragmaHeader and CacheControlHeader are set to “no-cache”.
This prevents WebGate from caching data at the Web server application and the user’s browser.
Solution is to re-register the webgate agent using rreg tool and modify input request file to modify these cache attributes to “Public” or “Private” depending upon requirement.
For more details on which cache value to set ,please check this LINK section 14.9
Steps:–
1)Shutdown OHS instance on which the webgate is running.
2) Backup existing ObAccessClient.xml and Cwallet.sso under $OHS_INSTANCE/config/OHS/ohs1/webgate/config
3) Backup existing $OAM_DOMAIN_HOME/config/fmwconfig/oam-config.xml
4) De-register the Agent from OAM by login to OAM Administration Console ( default –http://server:<admin_port>/oamconsole) and navigate to System Configuration tab –> Agents–> OAM Agents –>11g Webgates
· Click the desired agent’s name (example – testucm_Agent ), click the Delete button in the tool bar, and confirm the removal in the Confirmation window.
· Confirm the Agent name is no longer listed in the navigation tree.
5)Navigate to Policy Configuration tab –>Shared Components –>Application Domains –> testucm_Agent
· Under Authentication Policies –> Protected resource Policy –> Delete all resources mentioned under “Resource URL” –>Then click Apply
Repeat above process for deleting all resources mentioned under application domain of Agent testucm_Agent:-
Authentication Policies –>Public Resource Policy
Authorization Policies –> Protected Resource Policy
Authorization Policies –> Public Resource Policy
6) Go To Policy Configuration –>Shared Components –> Host Identifiers –> select testucm_Hostid –> click on Delete icon. And Click Apply
7) Restart OAM Managed servers .Ensure servers status “Running” before proceeding.
Login to OAM server box and provision agent again by modifying the input request file as shown below:-
cd $ORACLE_HOME/oam/server/rreg/input
vi testucm.xml
Note:- This request xml file specific to agent will pre-exist from your earlier agent provisioning ,you just need to modify the existing one.
Add below 2 parameters :-
<cachePragmaHeader>public</cachePragmaHeader>
<cacheControlHeader>public</cacheControlHeader>
NOTE- Ensure all protected and public resources are listed for proper functioning of UCM integration
9) Run RReg tool
cd $ORACLE_HOME/oam/server/rreg/bin
./oamreg.sh inband input/testucm.xml
Once registered successfully, login to oamconsole and verify agent and agent application domain creation. Verify all is set as desired for integration.
Note :-You will have to reset the Authentication scheme for Protected resource Policy ,if you created any custom Authentication scheme.
10)Copy files generated on OAM server under $ORACLE_HOME/oam/server/rreg/output/testucm_Agent to Webgate OHS nodes location at:-
<OHS_INSTANCE_HOME>/config/OHS/ohs1/webgate/config/
And restart the ohs instances
Retest the issue by browsing the content server files(xls/rtf/ppt) in IE and this should open fine now.
Http Header response will now show:-
HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
Cache-Control: public
Pragma: public
Accept-Ranges: bytes
Content-Length: 173705
X-ORACLE-DMS-ECID: 004hfdwdIBy5qYD_z9DCiW0000Cl0001BF
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/vnd.openxmlformats
Content-Language: en
Reference Links:-
http://docs.oracle.com/cd/E15586_01/doc.1111/e15478/agents.htm#CIHHIHFE
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q316/4/31.asp&NoWebContent=1
Metalink Notes:–
Doc ID 1312785.1 UCM 11g with OAM 11g auth has Slow Performance In Internet Explorer Only
Doc ID 1312762.1 OAM 11g : How To Configure CachePragmaHeader And CacheControl Header In OAM 11g Without Admin Console