Leave a Comment:
25 comments
Hi Mahendra,
Reverse proxy is not working fine after following your steps. can you please tell me, is there any other i need to follow to enable the reverse proxy.
OHS – 10g release 2
Replyhi Vinoth,
You would just need mod_proxy.so loaded in httpd.conf. After that, you need to put 2 lines ProxyPass and ProxyPassReverse for the applications that you want to proxy.
Let me know if you find any issues.
-Mahendra.
ReplyHi Mahendra
I need to configure reverse proxy on OHS to point to the EBS servers. Could you please help me in configuring the same.
Reply@Sunny,
Please try ProxyPass and ProxyPassReverse with URL http://ebs_host_name:port/
Don’t specify any application name. It should look like
ProxyPass / http://ebs_hostname:port/
ProxyPassReverse / http://ebs_hostname:port/
Let me know the results. I have not tried proxying EBS URLs ever before.
-Mahendra.
ReplyOur reverse proxy server is https://111.112.113.13 and DNS is https://111.112.113.17 which is redirected to https://map.ohs.edu:9010. Are these the correct entries in httpd.conf
ProxyPass / https://map.ohs.edu:9010/
ReversePassProxy / https://map.ohs.edu:9010/
Hi Mahendra,
Can you kindly help me on the steps to do OAM-TAI integration thru reverse proxy please?
Reply@Anand Narayanan,
Please share issue and meaning of TAI .
OAM I am assuming is Oracle Access Manager
ReplyHi Atul,
OAM – Oracle Access Manager
TAI – Trust Association Interceptor
The problem – We are using Webgate 10g, OAM 11g, IHS Webserver & Websphere 6.1. We plan to use reverse proxy method to integrate OAM & TAI due to some reason. I did the configurations as per the Oracle document http://docs.oracle.com/cd/E21764_01/upgrade.1111/e17852/manage_was_oamiap.htm. We use OAMs default login page to authenticate and the authentication happens properly but after authentication, authorization is not happening. The application login screen is thrown again by TAI rather doing a reverse proxy & authorize me.
ReplyHi Atul,
Through trace we found that the following error is been thrown –
0000000a TrustAssociat E SECJ0125E: Trust Association Init Unable to load Trust Association class oracle.security.was.providers.tai.OAMTrustAssociationInterceptorImpl
The jars told by Oracle are properly set but still believe WAS is not able to load the OAMTrustAssociationInterceptor.jar.
Reply@Anand Narayanan,
Not clear about your issue, does same thing works without reverse proxy.
Atul,
We tried reverse proxy method only and it didn’t work.
ReplyHi Atul and Mahendra,
I am using OAM 10.1.4.3.0 annd have a OHS 11.1.1.2 as a reverse proxy server on which the webgate is installed. I am protecting an application which is on a different destination hosting an java application server.
I have done all the steps but when i try to reverse proxy the URL in the browser the URL changes from my web server host to the application server hostname and port.
Does this mean that i am loosing the context here. BEcuase the target application is not able to redirect to the home page as they are saying that the session is getting invalidated.
For exmaple the OHS server URL is http://xyz:9999 and in here i am reverse proxying to the application whose URL is http://abc:8885/BPCS/inetrnallogin.jsp . Now when i type http://xyz:9999/BPCS/inetrnallogin.jsp in the browser it is bringing me the login page as per the policy rule and after successfull login in the browser the URL is changing from xyz to http://abc:8885/BPCS/inetrnallogin.jsp.
I do not understand why this URL redirection is happening . and the end result is that i am going to the login page of the external application but not the home page. The application owner are saying that they are able to see the header variable having the user id is getting passed but the session is getting invalidated.
Can i know why this URL changing is taking place and how to tackle it. Also can you please give any ssugestions for the problem whose description i have provided.
Regards
Dev
@ dev,
This could be that there is HTTP Frontend URL defined in application server that is forcing application to redirect back to apps server hostname.
This could also be because of proxy configuration in OHS.
What is your proxy-entry in HTTP server (one that forwards request from HTTP server to app server) ?
What application server is this where application is deployed.
Dear Atul,
I found something . I was able to resolve the URL redirection thing for normal Java based application but now i am facing this issue only for oracle based application like OBIEE 10.1.3.4.1 which is hosted on a OC4J Application server. How to check for the Front End URL thing which u spoke about. Please let me know that
In the OHS httpd.conf i have the following code
ProxyPass /analytics http://abc:7777/analytics
ProxyPassReverse /analytics http://abc:7777/analytics
Regards
Dev
@ Dev,
Try like this and see if this helps (restart OHS) where xyz is OHS server and listening on 9999 . abc is apps server host and listening on port 7777
NameVirtualHost *:9999
ServerName http://xyz:9999
RewriteEngine On
RewriteOptions inherit
UseCanonicalName On
ProxyPass /analytics http://abc:7777/analytics
ProxyPassReverse /analytics http://abc:7777/analytics
Dear Atul,
I tried to do the configuration as u suggested. But the behaviour remains the same. I even checked for the Front end URL redirection thing for OBIEE 10g OC4J server but could not find anything specific. I still do not understand what is happening.
Regards
Dev
Hi,
Am trying to attempt a proxy and reverse proxy as follows.
Its not working.
Please try if you can help.
ProxyPass /abc http://HOST:PORT/context/faces/abc
ProxyPassReverse /abc http://HOST:PORT/context/faces/abc
Regards,
Venkat
Venkat,
Is this JSF application? What is the error you’re seeing in web server logs?
-Mahendra
ReplyMahendra,
In my log i can see that it is looking for context root in my docs folder.
This is ADF application.
—
Venkat
Venkat-
Is ohs configured to the WAS directly or to WAS-proxy. Internally WAS has proxy listening on default port 21024.
1.Which port on WAS is OHS pointing to?
2.Where did you load the .jar file from?
Hi Mahendra,
This is realty great post and is very helpful for over simplifying the reverse proxy complexity. the examples you and other mentioned here is working for me smoothly, however, I have one small problem; i can’t redirect my traffic to context root or my testing site “wwww4.portal.com” without typing the full url “www4.portal.com/wps/portal”. below is the config i am using, please let me know if i am missing an additional configuration so when users type “www4.portal.com” it autofills the rest of the url that is “www4.portal.com/wps/portal”.
Listen 192.169.1.12:80
ServerName wwww4.portal.com
ServerAlias wwww4.portal.com
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://examserver1.portal.com/
ProxyPassReverse / http://examserver1.portal.com/
We are Configuring IBM WebSphere for OAM SSO and the IAP and unable to find the below jar file. Was this jar available part of separate package OAMTrustAssociationInterceptor.jar
oamtai.xml
@Rudolp,
Contact Oracle Support please and ask for this file . They will provide else they will put you in touch with OAM development .
In Creating the Interceptor Entry in the IBM WebSphere Console under “Managing OAM identity Assertor for WebSphere”… do we need to create the property ws.ext.dirs for OAMTrustAssociationInterceptor.jar. We are not able to find the property under Java Virtual Machine, Custom Properties as per the oracle documents. Any one tried successfully for OAM TAI integration.
ReplyHi Anand,
I am also getting the same error, using IHS as reverse proxy
0000000a TrustAssociat E SECJ0125E: Trust Association Init Unable to load Trust Association class oracle.security.was.providers.tai.OAMTrustAssociationInterceptorImpl
Did you resolve the issue?
Reply