Did you ever wondered that why there are 2 cwallet.sso files generated for your webgate profile in OAM R2PS3?
Let's take a look of the directory structure of the webgate profile when you create it;
- Here you see a cwallet.sso file & a wallet folder. This wallet folder was never there in previous releases, but from R2PS3 onwards you will see this folder as well..
Let' see what this folder contains;
- On expanding this wallet folder you see one more cwallet.sso file present int it.
bash-3.2$ ls -ltr
total 12
drwxr----- 2 ckukreja dba 4096 Oct 20 10:42 wallet
-rw-r----- 1 ckukreja dba 2796 Oct 20 10:42 ObAccessClient.xml
-rw-rw-rw- 1 ckukreja dba 0 Oct 20 10:42 cwallet.sso.lck
-rw------- 1 ckukreja dba 433 Oct 20 10:42 cwallet.sso ----> this R2PS2 compatible wallet
bash-3.2$ cd wallet/
bash-3.2$ ls -ltr
total 4
-rw-rw-rw- 1 ckukreja dba 0 Oct 20 10:42 cwallet.sso.lck
-rw------- 1 ckukreja dba 401 Oct 20 10:42 cwallet.sso -------> this R2PS3 compatible wallet
total 12
drwxr----- 2 ckukreja dba 4096 Oct 20 10:42 wallet
-rw-r----- 1 ckukreja dba 2796 Oct 20 10:42 ObAccessClient.xml
-rw-rw-rw- 1 ckukreja dba 0 Oct 20 10:42 cwallet.sso.lck
-rw------- 1 ckukreja dba 433 Oct 20 10:42 cwallet.sso ----> this R2PS2 compatible wallet
bash-3.2$ cd wallet/
bash-3.2$ ls -ltr
total 4
-rw-rw-rw- 1 ckukreja dba 0 Oct 20 10:42 cwallet.sso.lck
-rw------- 1 ckukreja dba 401 Oct 20 10:42 cwallet.sso -------> this R2PS3 compatible wallet
So the answer for these 2 cwallet.sso files is as follows:
- The cwallet.sso file present in wallet folder is R2PS3 compatible wallet, which means if you try to use this cwallet.sso file with R2PS2 webgate, it won't work. You will get FATAL error that "unable to read agent key". And thus webgate is not initialized successfully.
- This cwallet.sso is used by R2PS3 webgate, but there is a catch here. Consider you don't copy the wallet folder to webgate instance directory in that case R2PS3 webgate is intelligent enough to understand the R2PS2 cwallet.sso.
- So this means that R2PS3 webgate can work with R2PS2 cwallet.sso as well as R2PS3 cwallet.sso.
- While the other cwallet.sso present outside is R2PS2 compatible wallet file i.e. when you try to use R2PS3 OAM Server with R2PS2 WebServer having R2PS2 Webgate. This cwallet.sso will be used by the webgate to read the agent key.
- This means that if this cwallet.sso is not present in that case R2PS2 webgate will be unable to initialize as it won't be able to read the agent key i.e. is present in cwallet.sso.
- Hence to make R2PS2 webgate work with R2PS3 OAM server it is mandatory to use the cwallet.sso file presnet outside the wallet folder.
There is one more change done in the cwallet.sso files for R2PS2 & R2PS3 created by R2PS3 OAM Server i.e.
- If you open the cwallet.sso of R2PS2 or R2PS3 it only contains shared secret key, there are no default certs present.
Remember: to set the JAVA_HOME before you use the orapki command.
- While the cwallet.sso created by R2PS2 OAM Server used to contain default certs and the shared key.
Note:
- To open R2PS3 cwallet.sso present in wallet folder you need the latest orapki executable which comes with R2PS3 OAM server, this same orapki can open the R2PS2 cwallet.sso as well.
- But the orapki that comes with R2PS2 OAM Server will be unable to open R2PS3 wallet & will ask for login password in-spite of the fact that the cwallet.sso is auto login wallet.
Enjoy :-)
No comments:
Post a Comment