OAM 11.1.2.3 - Bad Oracle Access Manager Request Error After Applying OAM Patch 27373151 + Webgate Patch 27393427 BP 11.1.2.3.180717
After Applying OAM Patch 27373151 + Webgate Patch 27393427 BP 11.1.2.3.180717, when accessing the http resource then it was giving Bad Oracle Access Manager
Like when accessing "http://hostname.domain:7779/index.html" we get following message in the logfile "diagnostics/logs/OHS/ohs1/oblog.log"
2018/10/26@15:29:46.68427 1890 1950 WEB ERROR 0x0000151F /ade/aime_ngamac_748106/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:294 ecid^005UIDZfNp87U8ups^h8iX0000SX00001w rid^0 "WebGate Error Report" Message^Unable to process the request due to unexpected error. ReqReq^GET /public/index.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^bdrvl-pd-oid01 ReqStatLine^ ReqStatus^200 ReqRawUri^/public/index.html ReqUri^/public/index.html ReqFilename^/orassf/appsso/oid_home/webutil_home/instances/instance3/config/OHS/ohs1/htdocs/public/index.html ReqPath^ ReqArgs^
2018/10/26@15:30:13.06128 1890 1937 WEB WARNING 0x00001546 /ade/aime_ngamac_748106/ngamac/src/palantir/webgate2/src/web_gate.cpp:2807 ecid^005UID_Fz_W7U8ups^h8iX0000SX00001y rid^0 "ServerName and/or port mismatch with HostName/Port in the Http HOST request Header." Host_Port in the Server Config : ^bdrvl-pd-oid01.india.airtel.itm:7779 Host_Port in the Http request : ^xx.xx.xxx.xxx:7779
2018/10/26@15:30:13.06146 1890 1937 WEB ERROR 0x0000151F /ade/aime_ngamac_748106/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:294 ecid^005UID_Fz_W7U8ups^h8iX0000SX00001y rid^0 "WebGate Error Report" Message^Unable to process the request due to unexpected error. ReqReq^GET /public/index.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^xx.xx.xxx.xxx ReqStatLine^ ReqStatus^200 ReqRawUri^/public/index.html ReqUri^/public/index.html ReqFilename^/orassf/appsso/oid_home/webutil_home/instances/instance3/config/OHS/ohs1/htdocs/public/index.html ReqPath^ ReqArgs^
2018/10/26@15:30:16.00229 1890 1937 WEB WARNING 0x00001546 /ade/aime_ngamac_748106/ngamac/src/palantir/webgate2/src/web_gate.cpp:2807 ecid^005UID_RDY47U8ups^h8iX0000SX00001z rid^0 "ServerName and/or port mismatch with HostName/Port in the Http HOST request Header." Host_Port in the Server Config : ^bdrvl-pd-oid01.india.airtel.itm:7779 Host_Port in the Http request : ^xx.xx.xxx.xxx:7779
Solution:
3.d- After adding/updating the oam-config.xml file, make sure to increment the config file "Version" value near the top of the file.
For example, find the below section and increment the value of the version:
4- Restart the OAM managed server(s) and the AdminServer.
Like when accessing "http://hostname.domain:7779/index.html" we get following message in the logfile "diagnostics/logs/OHS/ohs1/oblog.log"
2018/10/26@15:29:46.68427 1890 1950 WEB ERROR 0x0000151F /ade/aime_ngamac_748106/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:294 ecid^005UIDZfNp87U8ups^h8iX0000SX00001w rid^0 "WebGate Error Report" Message^Unable to process the request due to unexpected error. ReqReq^GET /public/index.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^bdrvl-pd-oid01 ReqStatLine^ ReqStatus^200 ReqRawUri^/public/index.html ReqUri^/public/index.html ReqFilename^/orassf/appsso/oid_home/webutil_home/instances/instance3/config/OHS/ohs1/htdocs/public/index.html ReqPath^ ReqArgs^
2018/10/26@15:30:13.06128 1890 1937 WEB WARNING 0x00001546 /ade/aime_ngamac_748106/ngamac/src/palantir/webgate2/src/web_gate.cpp:2807 ecid^005UID_Fz_W7U8ups^h8iX0000SX00001y rid^0 "ServerName and/or port mismatch with HostName/Port in the Http HOST request Header." Host_Port in the Server Config : ^bdrvl-pd-oid01.india.airtel.itm:7779 Host_Port in the Http request : ^xx.xx.xxx.xxx:7779
2018/10/26@15:30:13.06146 1890 1937 WEB ERROR 0x0000151F /ade/aime_ngamac_748106/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:294 ecid^005UID_Fz_W7U8ups^h8iX0000SX00001y rid^0 "WebGate Error Report" Message^Unable to process the request due to unexpected error. ReqReq^GET /public/index.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^xx.xx.xxx.xxx ReqStatLine^ ReqStatus^200 ReqRawUri^/public/index.html ReqUri^/public/index.html ReqFilename^/orassf/appsso/oid_home/webutil_home/instances/instance3/config/OHS/ohs1/htdocs/public/index.html ReqPath^ ReqArgs^
2018/10/26@15:30:16.00229 1890 1937 WEB WARNING 0x00001546 /ade/aime_ngamac_748106/ngamac/src/palantir/webgate2/src/web_gate.cpp:2807 ecid^005UID_RDY47U8ups^h8iX0000SX00001z rid^0 "ServerName and/or port mismatch with HostName/Port in the Http HOST request Header." Host_Port in the Server Config : ^bdrvl-pd-oid01.india.airtel.itm:7779 Host_Port in the Http request : ^xx.xx.xxx.xxx:7779
Solution:
The globalHMACFlag user-defined parameter should be true as long as the OAM Server globalHMACEnabled value is set to true.
Also please confirm the following points to make sure everything is confiured correctly:
1- Make sure that the 11.1.2.3.180717 (BP15) Access Server (patch:28116779) and the 11.1.2.3.180717 (BP11) Webgate (patch:27953548) are applied.
2- Add User Defined Parameters for webgates involved:
globalHMACFlag=true
EnableHostPortValidation=false
3- In oam-config.xml add new property called - globalHMACEnabled
3.a- Take backup of oam-config.xml file.
3.b- Stop the OAM Managed server and the AdminServer.
3.c- Edit oam-config.xml and find the PATH "DeployedComponent > Server > NGAMServer > Profile > oamproxy"
If the globalHMACEnabled flag is present then toggle from false to true as desired.
Otherwise if the globalHMACEnabled flag is not present add - <Setting Name="globalHMACEnabled" Type="xsd:boolean">true</Setting>
Example:
Also please confirm the following points to make sure everything is confiured correctly:
1- Make sure that the 11.1.2.3.180717 (BP15) Access Server (patch:28116779) and the 11.1.2.3.180717 (BP11) Webgate (patch:27953548) are applied.
2- Add User Defined Parameters for webgates involved:
globalHMACFlag=true
EnableHostPortValidation=false
3- In oam-config.xml add new property called - globalHMACEnabled
3.a- Take backup of oam-config.xml file.
3.b- Stop the OAM Managed server and the AdminServer.
3.c- Edit oam-config.xml and find the PATH "DeployedComponent > Server > NGAMServer > Profile > oamproxy"
If the globalHMACEnabled flag is present then toggle from false to true as desired.
Otherwise if the globalHMACEnabled flag is not present add - <Setting Name="globalHMACEnabled" Type="xsd:boolean">true</Setting>
Example:
</Setting>
<Setting Name="oamproxy" Type="htf:map">
<Setting Name="globalHMACEnabled" Type="xsd:boolean">true</Setting> <<<<<<<<<<<<-------------------------------<<<<<<<<
<Setting Name="10gCompatibleGetHostIdentifiersSupport" Type="xsd:boolean">false</Setting>
<Setting Name="SSOOnlyMode" Type="xsd:boolean">false</Setting>
<Setting Name="NoUniqueSessionsFor10gAgents" Type="xsd:boolean">false</Setting>
<Setting Name="SharedSecret" Type="xsd:string">350CE18DEB404CAA45A8E07A7ACE508F15D6D8D8CD60045A3CD0158151A16ADD26A1176B3BFBFADC6400B6614F46D013</Setting>
<Setting Name="secure10gAgentAuthnRequest" Type="xsd:boolean">false</Setting>
<Setting Name="sslCertModeConfig" Type="htf:map">
<Setting Name="sslServerCertEntryPwd" Type="xsd:string">Not configured</Setting>
<Setting Name="sslServerCertEntryAlias" Type="xsd:string"></Setting>
</Setting>
<Setting Name="oamproxy" Type="htf:map">
<Setting Name="globalHMACEnabled" Type="xsd:boolean">true</Setting> <<<<<<<<<<<<-------------------------------<<<<<<<<
<Setting Name="10gCompatibleGetHostIdentifiersSupport" Type="xsd:boolean">false</Setting>
<Setting Name="SSOOnlyMode" Type="xsd:boolean">false</Setting>
<Setting Name="NoUniqueSessionsFor10gAgents" Type="xsd:boolean">false</Setting>
<Setting Name="SharedSecret" Type="xsd:string">350CE18DEB404CAA45A8E07A7ACE508F15D6D8D8CD60045A3CD0158151A16ADD26A1176B3BFBFADC6400B6614F46D013</Setting>
<Setting Name="secure10gAgentAuthnRequest" Type="xsd:boolean">false</Setting>
<Setting Name="sslCertModeConfig" Type="htf:map">
<Setting Name="sslServerCertEntryPwd" Type="xsd:string">Not configured</Setting>
<Setting Name="sslServerCertEntryAlias" Type="xsd:string"></Setting>
</Setting>
3.d- After adding/updating the oam-config.xml file, make sure to increment the config file "Version" value near the top of the file.
For example, find the below section and increment the value of the version:
<Setting xmlns="http://www.w3.org/2001/XMLSchema" Name="NGAMConfiguration" Type="htf:map">
<Setting Name="Distributor" Type="xsd:string">MapDistributor</Setting>
<Setting Name="DistributorContext" Type="xsd:string">DistributorContext</Setting>
<Setting Name="DistributorMode" Type="xsd:string">MapStore</Setting>
<Setting Name="NotificationLockProvider" Type="xsd:string">ConfigNotificationListeners</Setting>
<Setting Name="ProductRelease" Type="xsd:string">11.1.2.3.0</Setting>
<Setting Name="FilePollingInterval" Type="xsd:integer">30000</Setting>
<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">695</Setting> <<<<<<<<<<<<<<<<<<<<<<<-------------------------------<<<<<<<<<<<<<<<<
<Setting Name="Distributor" Type="xsd:string">MapDistributor</Setting>
<Setting Name="DistributorContext" Type="xsd:string">DistributorContext</Setting>
<Setting Name="DistributorMode" Type="xsd:string">MapStore</Setting>
<Setting Name="NotificationLockProvider" Type="xsd:string">ConfigNotificationListeners</Setting>
<Setting Name="ProductRelease" Type="xsd:string">11.1.2.3.0</Setting>
<Setting Name="FilePollingInterval" Type="xsd:integer">30000</Setting>
<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">695</Setting> <<<<<<<<<<<<<<<<<<<<<<<-------------------------------<<<<<<<<<<<<<<<<
4- Restart the OAM managed server(s) and the AdminServer.
Comments