Troubleshooting : 11g WebGate with OHS 11g integrated with OAM 11g : OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized
I discussed about issue Oracle AccessGate API is not initialized with OAM 11g with WebGate 10g where CERTIFICATES expired . In this post I am going to cover similar issue but in OAM 11g version.
After integrating OAM 11g WebGate for OHS with OAM 11g Server version configured in SIMPLE (this issue could be with CERT as well), I was unable to access resource via OHS.
In OHS Error logs at $ORACLE_INSTANCE/diagnostics/logs/OHS/ohs1/ohs1.log
________
[2013-10-05T23:40:30.2335+01:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id: ohs_host] [host_addr: 192.168.1.12] [tid: 47414834960704] [user: oracle] [ecid: 004u0ORAPh7EkJWjLxiOOA0006uI00000L] [rid: 0] [VirtualHost: main] OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized.
[2013-10-05T23:40:30.2339+01:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id: ohs_host] [host_addr: 192.168.1.12] [tid: 47414834960704] [user: oracle] [ecid: 004u0ORAPh7EkJWjLxiOOA0006uI00000L] [rid: 0] [VirtualHost: main] Request Failed for : /index.html, Resp Code : [500]
________
In Oblix logs (OAM is product from Oblix that Oracle acquired in 2005) at $ORACLE_INSTANCE/diagnostics/logs/OHS/ohs1/oblog.log
________
2013/10/05@22:43:10.23081 28337 28356 ACCESS_GATE FATAL 0x00001520 /ade/aime_50561/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:598 “Exception thrown during WebGate initialization” 2013/10/05@22:43:10.23095 28337 28356 ACCESS_GATE FATAL 0x0000181C /ade/aime_50561/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:599 “Oracle AccessGate API is not initialized.” raw_code^204
________
If you encounter this issue, check if WebGate (configured on OHS server) can connect to OAM Server on port mentioned in primary_server_list . OAM server details are stored in WebGate configuration file (on OHS server) at $ORACLE_INSTANCE/ config/ OHS/ ohs1/ webgate/ config/ObAccessClient.xml (other files generated based on password selected for Agent and OAM server mode (SIMPLE or CERT) password.xml, cwallet.sso, aaa_cert.pem, aaa_key.pem)
Look for entry like
ListName=”primary_server_list”><ValListMember Value=”oamhost1:5575“>
Check mode of OAM Server and if this is SIMPLE or CERT then you should see files aaa_cert.pem & aaa_key.pem under folder $ORACLE_INSTANCE/ config/ OHS/ ohs1/ webgate/ config/ simple
Note: OAM can be configured in one of three modes OPEN, SIMPLE, CERT , for steps to change communication MODE in OAM click here
Issue: In my case .pem file under folder simple were missing (other reason could be that files are there but certificate inside these files are expired)
Note: These files are generated on OAM server under
a) If WebGate instance is created using RREG then files will be generated under $OAM_ORACLE_HOME/oam/server/rreg/output
b) If WebGate instance is created/updated using OAM console then files will be generated under $DOMAIN_HOME/output/[WEBGATE_NAME]
Note: To configure 11g WebGate using RREG click here or for basics in OAM 11g R1 check my book buy OAM/OIM 11g book from Amazon
Did you get a chance to download Free Guide for OAM? If not, download it here http://k21academy.com/free-guide-oam
