Troubleshooting : 11g WebGate with OHS 11g integrated with OAM 11g : OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized

 

I discussed about issue Oracle AccessGate API is not initialized with OAM 11g with WebGate 10g where CERTIFICATES expired . In this post I am going to cover similar issue but in OAM 11g version.

After integrating OAM 11g WebGate for OHS with OAM 11g Server version configured in SIMPLE (this issue could be with CERT as well), I was unable to access resource via OHS.

In OHS Error logs at $ORACLE_INSTANCE/diagnostics/logs/OHS/ohs1/ohs1.log

________

[2013-10-05T23:40:30.2335+01:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id: ohs_host] [host_addr: 192.168.1.12] [tid: 47414834960704] [user: oracle] [ecid: 004u0ORAPh7EkJWjLxiOOA0006uI00000L] [rid: 0] [VirtualHost: main]  OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized.

[2013-10-05T23:40:30.2339+01:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id: ohs_host] [host_addr: 192.168.1.12] [tid: 47414834960704] [user: oracle] [ecid: 004u0ORAPh7EkJWjLxiOOA0006uI00000L] [rid: 0] [VirtualHost: main]  Request Failed for : /index.html, Resp Code : [500]

________

In Oblix logs (OAM is product from Oblix that Oracle acquired in 2005) at $ORACLE_INSTANCE/diagnostics/logs/OHS/ohs1/oblog.log

________

2013/10/05@22:43:10.23081       28337   28356   ACCESS_GATE     FATAL   0x00001520      /ade/aime_50561/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:598  “Exception thrown during WebGate initialization” 2013/10/05@22:43:10.23095       28337   28356   ACCESS_GATE     FATAL   0x0000181C      /ade/aime_50561/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:599  “Oracle AccessGate API is not initialized.”     raw_code^204

________

If you encounter this issue, check if WebGate (configured on OHS server) can connect to OAM Server on port mentioned in primary_server_list . OAM server details are stored in WebGate configuration file (on OHS server) at $ORACLE_INSTANCE/ config/ OHS/ ohs1/ webgate/ config/ObAccessClient.xml  (other files generated based on password selected for Agent and OAM server mode (SIMPLE or CERT) password.xml, cwallet.sso, aaa_cert.pem, aaa_key.pem)

Look for entry like

ListName=”primary_server_list”><ValListMember Value=”oamhost1:5575“>

Check mode of OAM Server and if this is SIMPLE or CERT then you should see files aaa_cert.pemaaa_key.pem under folder $ORACLE_INSTANCE/ config/ OHS/ ohs1/ webgate/ config/ simple

Note: OAM can be configured in one of three modes OPEN, SIMPLE, CERT , for steps to change communication MODE in OAM click here

Issue: In my case .pem file under folder simple were missing (other reason could be that files are there but certificate inside these files are expired)

Note: These files are generated on OAM server under

a) If WebGate instance is created using RREG then files will be generated under $OAM_ORACLE_HOME/oam/server/rreg/output

b) If WebGate instance is created/updated using OAM console then files will be generated under $DOMAIN_HOME/output/[WEBGATE_NAME]

Note: To configure 11g WebGate using RREG click here or for basics in OAM 11g R1 check my book buy OAM/OIM 11g book from Amazon
Oracle Identity & Access Manager 11g Administration

Did you get a chance to download Free Guide for OAM? If not, download it here http://k21academy.com/free-guide-oam

Series Navigation<< Deploying OAM in high availability across data centres in Active Active cluster : New Feature in OAM 11gR2 PS2Renew certificates in OAM 10.1.4.3 >>

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

2 comments
Philipp says June 25, 2014

Thank you, Atul!

Nice article.

Reply
Srinivas says January 19, 2015

I installed OAM 11G R2 11.1.2.2 on centos 7.
In same VM installed apache 2.4.6 and installed 11g web gate.

But when i start apache, i was getting below error
Cannot load /opt/oamapachewebgate/webgate/apache/lib/webgatessl.so into server: /opt/oamapachewebgate/webgate/apache/lib/webgatessl.so: wrong ELF class: ELFCLASS32

I fixed this by commenting lines in webgate.conf

#
#LoadModule obWebgateModule “/opt/oamapachewebgate/webgate/apache/lib/webgatessl.so”
#

Now getting below error while starting apache web server.
Jan 18 16:21:40 localhost.localdomain httpd[5015]: AH00526: Syntax error on line 12 of /etc/httpd/conf/webgate.conf:
Jan 18 16:21:40 localhost.localdomain httpd[5015]: Invalid command ‘WebGateInstalldir’, perhaps misspelled or defined by a module not included in the server configuration
Jan 18 16:21:40 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE

Please help me to fix this issue.

Reply
Add Your Reply