Showing posts with label Oracle HTTP Server. Show all posts

Tuesday, May 27, 2014

Get Stack Trace from an Oracle HTTP Server (OHS) CORE file on Unix



-- Navigate to the core file location (Ex: /oracle/Middleware/Oracle_WT1/instances/instance1/)

-- Execute command "file <<corefilename>>".
    Sample Output: core.12273: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/oracle/middleware/Oracle_WT1/ohs/bin/httpd.worker -DSSL'

-- Execute command "file httpd.worker".
    Sample Output: httpd.worker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, not stripped.

-- Execute command "script <<filename to generate stacktrace>>".
    Sample Output: Script started, file is /opt/mystack

-- Execute command "gdb <<program (Ex: httpd.worker file)>> <<core file>>". This will start the stack trace.

-- Once the stack trace is completed, execute commands "quit" and then "exit".

The core file stack trace is now saved in the target file!!

-- Siva Pokuri. 
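
A non-interactive form of the steps above, as an added example that is not part of the original post: it reads the executable path from the `file` output, then runs gdb in batch mode and writes the trace to an owner-only file. The function names are hypothetical, and `thread apply all bt` is a standard gdb command that the post does not name.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Pull the executable path out of `file` output for a core: the text after
# "from '" up to the first space or quote, so arguments such as -DSSL are
# dropped. Assumes the path itself contains no spaces.
core_exe_from_file_output() {
    printf '%s\n' "$1" | sed -n "s/.*from '\([^' ]*\).*/\1/p"
}

# Write a backtrace of every thread in core file $1 to output file $2.
dump_core_stack() {
    core=$1 out=$2
    exe=$(core_exe_from_file_output "$(file "$core")")
    if [ ! -x "$exe" ]; then
        echo "executable for $core not found: '$exe'" >&2
        return 1
    fi
    # The core holds the process memory of an SSL-enabled httpd and the
    # trace shows function arguments, so create it readable by its owner only.
    ( umask 077 && gdb -batch -ex "thread apply all bt" "$exe" "$core" > "$out" 2>&1 )
}

# Usage: ./corestack.sh core.12273 /opt/mystack
if [ "$#" -eq 2 ]; then
    dump_core_stack "$1" "$2"
fi
```

Keep the core file itself under the same restrictive permissions, and remove it once the trace has been collected.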

    

Wednesday, April 2, 2014

Windows Native Authentication(WNA) configuration in Oracle Access Manager 11g R2 PS2


Agenda: Process to configure WNA authentication in Oracle Access Manager 11g R2 PS2.

Process:

  • Create a new service account on the Active Directory domain controller. The account's password should be set to never expire.

  • Open a command prompt on the AD machine and execute the command below to generate the keytab file.
"ktpass -princ HTTP/<oamHostName>@<adDomainName> -mapuser <adDomain>\<username> -pass <userPassword> -out <path>"

  • Check for the success message, as shown in the screenshot below.

  • Open the user account in AD and click on the Account tab. Verify the principal name, as shown in the screen below.

  • Copy the keytab file from the AD machine to the OAM machine.

  • Log in as the root user and edit the /etc/krb5.conf file.

  • See the screen below for reference.

  • Execute the klist command on the OAM machine, as shown in the screen below. The syntax is:
"klist -k -t -K -e FILE:/<keytab file path>"

  • Execute the kinit command on the OAM machine, as shown in the screen below. The syntax is:
"kinit -V <Principal Name> -k -t <keytab file path>"

  • Execute the klist command on the OAM machine, as shown in the screen below.


  • Log in to the Access Manager admin console.
  • Navigate to Authentication modules > Kerberos.
  • Provide the required parameters as shown below.

  • Create a new data store for AD in OAM.

  • Create an authentication policy with the Kerberos scheme.

  • For reference, verify the Kerberos authentication scheme as shown in the screen below.

  • NTLM changes:
  • Log in to the server and navigate to the directory /<weblogic_domain>/config/fmwconfig/
  • Modify the NTLM Response from DEFAULT to BASIC.

  • Restart the WebLogic Admin Server and the OAM Managed Server.

Testing:


  • Log in to a machine in the AD domain.
  • Open a command prompt and execute the command "klist" to check whether Kerberos tickets have been generated.

  • Open the IE browser, then open Internet Options and navigate to the Advanced tab. Scroll down and verify that "Enable Integrated Windows Authentication" is selected.

  • Try to access the application that is protected by OAM Kerberos authentication.

-- Kiran Pokuri 
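
The klist and kinit checks on the OAM machine can be scripted. This is an added example, not part of the original post, and it goes slightly beyond it by also checking the keytab's file mode and flagging DES, 3DES and RC4 keys. The function names, the sample principal and the sample listing are constructed, and the Linux `stat -c` form is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Read `klist -k -t -e` output on stdin and check the entries for SPN $1.
# Returns 0 only if the SPN is present and none of its keys use a DES,
# 3DES or RC4 (arcfour) encryption type; 1 = weak key, 2 = SPN missing.
check_keytab_listing() {
    awk -v spn="$1" '
        index($0, spn) {
            found = 1
            if ($0 ~ /\((DEPRECATED:)?(des|arcfour)[^)]*\)/) {
                weak = 1
                print "weak enctype: " $0
            }
        }
        END {
            if (!found) { print "missing principal: " spn; exit 2 }
            if (weak) exit 1
        }
    '
}

# Constructed sample of two keytab entries (not taken from a real system).
SAMPLE_KLIST='   3 04/02/2014 10:15:00 HTTP/oam.example.com@EXAMPLE.COM (arcfour-hmac)
   3 04/02/2014 10:15:00 HTTP/oam.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)'

verify_oam_keytab() {
    keytab=$1 spn=$2
    # The keytab holds the service account's long-term key: owner-only access.
    mode=$(stat -c '%a' "$keytab") || return 1
    case $mode in
        600|400) ;;
        *) echo "keytab mode is $mode, expected 600 or 400" >&2; return 1 ;;
    esac
    # -K (used in the post) prints the raw keys; it is left out here so the
    # keys do not end up in terminal scrollback or captured logs.
    klist -k -t -e "FILE:$keytab" | check_keytab_listing "$spn" || return 1
    # Prove that the KDC accepts the key, as the kinit step in the post does.
    kinit -V "$spn" -k -t "$keytab"
}

# Usage: ./check_keytab.sh /path/to/oam.keytab HTTP/<oamHostName>@<adDomainName>
if [ "$#" -eq 2 ]; then
    verify_oam_keytab "$1" "$2"
fi
```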

Sunday, February 23, 2014

Oracle Access Manager(OAM) 11g user not able to login to a protected resource intermittently


Hi All,

Recently I came across a weird intermittent login issue with an OAM 11g protected resource when it's integrated with OAAM 11g.

As far as I know, there is only one place (OAM Admin console >> System configuration >> common settings) where we can change the max session timeout. By default, the max session value is 480 min. I got a requirement to change the max session timeout from 8 hrs to 12 hrs, so I just changed the setting accordingly and bounced the services.

After increasing the max timeout setting, the user is not able to log in all of a sudden.

After so much struggle I found the pattern of the issue. The user will not be able to log in starting from the 8th hour after the user's last login and before the 12th hour (essentially, the user will not be able to log in for a period of 4 hrs). Once the clock hits the 12th hour, the user can log in as usual.

Then finally, after discussing with Oracle support, they provided a fix for this issue.

Here is the solution:

1. On the Admin Server, take a backup of the $DOMAIN_HOME/config/fmwconfig/oam-config.xml
2. Edit the oam-config.xml file, searching for CredentialValidityInterval (this defaults to 480 minutes, or 8 hours)
3. Change this field to match the configured OAM session timeout
4. Find the Version field, eg:

<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">120</Setting>
<Setting Name="DataCenterConfiguration" Type="htf:map">

and increment the version value:

<Setting Name="NotificationLockWait" Type="xsd:integer">20000</Setting>
<Setting Name="Version" Type="xsd:integer">121</Setting>
<Setting Name="DataCenterConfiguration" Type="htf:map">

Then bounce the OAM services and test the scenario.

Thanks
Siva Pokuri
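
The backup and the Version increment (steps 1 and 4) can be scripted. This is an added example, not part of the original post or of Oracle's fix: the function names are hypothetical, and the CredentialValidityInterval edit in steps 2 and 3 is still made by hand because the post does not show that setting's line format.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print file $1 with its Version setting incremented by one. Fails unless
# exactly one Version line in the format shown in the post is present, so
# an unexpected file layout is never rewritten blindly.
bump_oam_config_version() {
    awk '
        /<Setting Name="Version" Type="xsd:integer">[0-9]+<\/Setting>/ {
            n++
            v = $0
            sub(/.*<Setting Name="Version" Type="xsd:integer">/, "", v)
            sub(/<\/Setting>.*/, "", v)
            sub(/>[0-9]+<\/Setting>/, ">" (v + 1) "</Setting>")
        }
        { print }
        END { if (n != 1) exit 1 }
    ' "$1"
}

# Back up oam-config.xml, then replace its contents with the bumped version.
apply_oam_config_bump() {
    cfg=$1
    backup="$cfg.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$cfg" "$backup" || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    if bump_oam_config_version "$cfg" > "$tmp"; then
        # cat into the original keeps the file's owner and mode.
        cat "$tmp" > "$cfg"
        rm -f "$tmp"
        # Only the Version line should differ from the backup.
        diff "$backup" "$cfg" || true
    else
        rm -f "$tmp"
        echo "Version setting not found exactly once; edit by hand" >&2
        return 1
    fi
}

# Usage: ./bump_version.sh "$DOMAIN_HOME/config/fmwconfig/oam-config.xml"
if [ "$#" -eq 1 ]; then
    apply_oam_config_bump "$1"
fi
```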




Monday, February 10, 2014

Oracle Enterprise Manager(OEM) 12c: Stand Alone OHS monitoring

OEM 12c can monitor a standalone OHS web server (without a WebLogic domain) from version 12.1.0.4.0 onwards.

-- Thanks


Friday, November 9, 2012

Oracle Access Manager(OAM) 11g R2 + Oracle HTTP Server(OHS) WebGate + Internet Explorer issue

Hi folks,

Environment:

OAM 11g R2 + OHS 11g R2 Webgate

Symptoms:

When attempting to access a resource protected by an OAM 11g WebGate using Internet Explorer, the access hangs or the page fails to load. Accessing the same page from Firefox is successful.

Cause:

This problem may occur due to a clock skew between the browser host and the system hosting the OAM 11g WebGate. When the initial request is made, the OAM 11g WebGate sets an OAMRequestContext<hostname> cookie, e.g. OAMRequestContext_myhost.oracle.com:7777_1234. This is a persistent cookie, meaning it has a set expiry time, generally 5 minutes after creation. If the browser host's clock is far enough ahead of the WebGate host's clock, the browser treats the cookie as already expired and does not send it back. After the user authenticates with the OAM server and is redirected back to the WebGate, the WebGate expects to see this request context cookie. If it is not present, the OAMAuthnCookie, which establishes the user's identity to the WebGate, is not set. The user is redirected to the original resource, but with no OAMAuthnCookie set the WebGate determines that the user is not authenticated and redirects the user to the OAM server for authentication. The OAM_ID cookie was set during login by the OAM managed server, so the OAM managed server recognises that the user is authenticated and redirects back to the WebGate, creating a loop.

Resolution:

Fixed in OAM 11g R2 BP 01

Thanks

Siva Pokuri.