Showing posts with label OHS 11.1.1.7.0. Show all posts

Tuesday 9 December 2014

Purpose of Max Session Time OAM

Purpose of Max Session Time field:


Max Session Time (hours)

Maximum time to keep server connections alive. The unit is based on the maxSessionTimeUnits user-defined parameter which can be 'minutes' or 'hours'. When maxSessionTimeUnits is not defined, the unit is defaulted to 'hours'.

What does the above definition mean?

Basically this is the session time for the OAP/NAP connections made between Webgate & OAM Server.
This is the TTL (Time to live) of these OAP/NAP connections.

Does this field define the time in minutes or hours?

By default the unit is 'hours'. But when you create a Webgate Agent Profile, a user-defined parameter 'maxSessionTimeUnits' is set with the value 'minutes'.
This makes the value configured in 'MAX SESSION TIME' a number of minutes.




  • In this agent profile we have max session time configured as '2'. Why is this in minutes?
    • Because the user-defined parameter 'maxSessionTimeUnits' is configured and its value is 'minutes'.

But if you remove the 'maxSessionTimeUnits' parameter, then MAX SESSION TIME will have 'hours' as its unit.

Note:

  • The user won't be challenged for credentials again because of the 'MAX Session time'. This is not the user session timeout; it is the timeout for the OAP/NAP connections.

How will you test these connections?

bash$> netstat -anp | grep 5575 | grep httpd.worker

Note:

  1. Port 5575 is the listening port of the OAM Server. It is the server connection port specified when the Webgate agent profile was created.
  2. 'httpd.worker' is the OHS server process.
  3. In this example 2 worker threads have made OAP/NAP connections to the OAM Server.


After 2 minutes these connections are re-established, here is the proof.
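
The same check can be scripted instead of comparing two netstat listings by eye. This is an added example, not part of the original post: it compares two `netstat -anp` snapshots and counts how many OAP/NAP connections kept the same local endpoint. The function names and the sample addresses, ports and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -anp` output on
# stdin and prints the local endpoints of established OAP/NAP connections that
# OHS workers hold to the OAM Server port ($1, 5575 in the post).
oap_local_endpoints() {
    awk -v port="${1:-5575}" '
        $6 == "ESTABLISHED" && $5 ~ (":" port "$") && $7 ~ /httpd\.worker/ { print $4 }
    ' | sort
}

# Count the endpoints of snapshot $1 that are still present in snapshot $2.
# 0 means every connection was dropped and re-established from a new local port.
oap_surviving() {
    before=$(printf '%s\n' "$1" | oap_local_endpoints "$3")
    after=$(printf '%s\n' "$2" | oap_local_endpoints "$3")
    n=0
    for ep in $before; do
        if printf '%s\n' "$after" | grep -qxF "$ep"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample snapshots (addresses, ports and PIDs are made up).
SNAP_T0='tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      12001/httpd.worker
tcp        0      0 10.0.0.5:41822          10.0.0.9:5575           ESTABLISHED 12345/httpd.worker
tcp        0      0 10.0.0.5:41824          10.0.0.9:5575           ESTABLISHED 12346/httpd.worker
tcp        0      0 10.0.0.5:50110          10.0.0.9:14100          ESTABLISHED 12345/httpd.worker'
# Same host a few minutes later, after Max Session Time (2 minutes) has elapsed.
SNAP_T1='tcp        0      0 10.0.0.5:41990          10.0.0.9:5575           ESTABLISHED 12345/httpd.worker
tcp        0      0 10.0.0.5:41992          10.0.0.9:5575           ESTABLISHED 12346/httpd.worker'

# Live use: a=$(netstat -anp); sleep 180; b=$(netstat -anp); oap_surviving "$a" "$b" 5575
```

A result of 0 with the same worker PIDs still listed means the connections were recycled by Max Session Time rather than by an OHS restart.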


Hope it clears your doubts.....!!!!!!


Reference Doc:
http://docs.oracle.com/cd/E40329_01/admin.1112/e27239/register.htm#AIAAG631


Enjoy :-)

Tuesday 25 November 2014

[Weblogic]: How to Deploy a Web App on OAM Weblogic Console

This post is divided into 3 sections:

1) Create a web-app.
2) Deploy it on the managed server.
3) Accessing the web-app.


Let's Start:

1) Create a web-app: For this I have an already created web-app, which contains a headers.jsp page.

  • headers.jsp - This page will be used to display all the HTTP Headers that are set by the OAM-Weblogic.

2) Deploy web-app:


  • Log in to the WebLogic console: http://<host:port>/console

  • Once you are logged in, select the 'Deployment' option under Domain Structure.






Note: Before you move to next step, copy the web-app folder to the domain directory i.e.

Copy to this path: <MiddlewareHome>/user_projects/domains/<your_domain_name>/


  • Click 'install' button: This will lead you to deployment process.



  • Now select your app folder




  • Select the folder that contains the app; here it is shown as 'source':


          Press Next....

Note
    • Here the 'source' folder holds the web app pages, so to access these resources from the browser we send the request as:
         http://<host:port>/source/Login.jsp
    • If your folder has a different name, use that name in the URL instead.
         Syntax: http://host:port/<webapp folder name>/<resource name>
  • On the next page nothing needs to be changed for now; keep the default options and just press Next.



  • Available Targets: Select 'oam_server1' or you can also deploy it on Admin Server and press Next.


  • General Assistance: This will show you the selected options, here you just need to press Next.

Note: Make a note of the deployment name, because you will need it if you have to update the app in future.

  • Finish: Click 'Finish' & it will deploy the app.




Note: Click the 'Activate Changes' button on the top left, this will apply the changes & no restart is required.

3) Accessing the web-app

  • We need to make changes in the mod_wl_ohs.conf file to front-end the deployed app.


        Note: Here I have front-ended the app with OHS.

    • '/source' is the app folder that we have chosen while deploying.
    • Mention the host name - this will be the host on which you have installed the OHS.
    • Mention the Port - this will be the port on which managed server is listening.
    • Save the changes.
    • Restart the OHS server.


  • Open the browser and request the URL http://<host:port>/source/headers.jsp
  • It will redirect you to the credential collector page. Provide the credentials.
  • And you will get the 'headers.jsp' resource.

  • Now you can also try to access other resources present on your OHS Server, i.e. ones you have placed in the htdocs folder. Like:
         http://<host:port>/index.html

  • You will not be asked for the credentials again, as you have already logged in and your OAMAuthnCookie & OAM_ID cookies are present in your browser.



Enjoy :-)

Monday 10 November 2014

[OHS]: Configure Webgate to include Execution context ID (ECID)

Enabling Webgate ECID Logs:


1) Go to Webgate Instance Directory:

bash$> cd $OHS_HOME/instances/instance1/config/OHS/ohs1/

2) Change Directory to webgate config folder:

bash$> cd webgate/config

3) Open oblog_config_wg.xml file to edit it:

bash$> vi oblog_config_wg.xml

4) By default LOGLEVEL_ECID will be off, so the logging has to be turned 'On'.

<!-- LOGLEVEL_ECID logs will be logged in a separate file by default -->
<!-- By default LOGLEVEL_ECID will be off. -->
<!-- To make it on change "LOG_STATUS" parameter to "On" -->
<ValNameList xmlns="http://www.oblix.com" ListName="LogEcid2File">
  <NameValPair ParamName="LOG_LEVEL" Value="LOGLEVEL_ECID" />
  <NameValPair ParamName="LOG_WRITER" Value="MPFileLogWriter" />
  <NameValPair ParamName="FILE_NAME" Value="webgate.ecid.log" />
  <!-- Buffer up to 64 KB (expressed in bytes) of log entries before flushing to the file. -->
  <NameValPair ParamName="BUFFER_SIZE" Value="512" />
  <!-- Rotate the log file once it exceeds 50 MB (expressed in bytes). -->
  <NameValPair ParamName="MAX_ROTATION_SIZE" Value="52428800" />
  <!-- Rotate the log file after 24 hours (expressed in seconds). -->
  <NameValPair ParamName="MAX_ROTATION_TIME" Value="86400" />
  <NameValPair ParamName="LOG_STATUS" Value="Off" />
</ValNameList>

5) Here we need to change the LOG_STATUS Value to "On"

<!-- <NameValPair ParamName="LOG_STATUS" Value="Off" /> -->

<NameValPair ParamName="LOG_STATUS" Value="On" />

6) If we want log entries written to the file quickly, without buffering, we can reduce the BUFFER_SIZE to "1".

7) Save the changes. And we are good to go...!!!!
8) Restart the OHS Web Server.

9) You will see a log file named "webgate.ecid.log" created in the diagnostics folder:

bash$> cd $OHS_HOME/instances/<instance_name>/diagnostics/logs/OHS/ohs1/
bash$> ls *ecid*
webgate.ecid.log
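
Steps 4 and 5 can also be done with a script instead of vi. This is an added example, not part of the original post: it sets LOG_STATUS to "On" only inside the LogEcid2File list and keeps a .bak copy of the file. The function names and the sample file, including the second list name "ExampleOtherList", are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). $1 = path to oblog_config_wg.xml.
# Turns LOG_STATUS "On" only inside the LogEcid2File list; keeps $1.bak.
enable_ecid_log() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # The sed address range limits the substitution to the ECID list, so any
    # other list that carries its own LOG_STATUS is left untouched.
    sed '/ListName="LogEcid2File"/,/<\/ValNameList>/ s/\(ParamName="LOG_STATUS" Value="\)Off"/\1On"/' \
        "$cfg" > "$tmp" && cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the LOG_STATUS value of the list named $2 in file $1.
log_status() {
    sed -n '/ListName="'"$2"'"/,/<\/ValNameList>/ s/.*ParamName="LOG_STATUS" Value="\([^"]*\)".*/\1/p' "$1"
}

# Write a constructed sample file to $1. "ExampleOtherList" is a made-up list
# name that stands in for the other log lists in the real file.
write_sample_cfg() {
    cat > "$1" <<'EOF'
<ValNameList xmlns="http://www.oblix.com" ListName="ExampleOtherList">
  <NameValPair ParamName="LOG_STATUS" Value="Off" />
</ValNameList>
<ValNameList xmlns="http://www.oblix.com" ListName="LogEcid2File">
  <NameValPair ParamName="LOG_LEVEL" Value="LOGLEVEL_ECID" />
  <NameValPair ParamName="FILE_NAME" Value="webgate.ecid.log" />
  <NameValPair ParamName="LOG_STATUS" Value="Off" />
</ValNameList>
EOF
}
```

Run `enable_ecid_log` against the file from step 3, confirm the result with `log_status <file> LogEcid2File`, then restart OHS as in step 8.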


Enjoy :-)

Monday 27 October 2014

Exception: "Oracle AccessGate API is not initialized"

Problem Statement:


Following exception is seen while starting the OHS Server (which has webgate.so included):

"Exception thrown during WebGate initialization"
"Oracle AccessGate API is not initialized"


Issue:


This is surely a configuration-related issue. Always doubt the configuration first and then the component. That's the rule of thumb.


Solution:


1) We usually get this type of exception when we use a security mode other than Open, i.e. either Simple or Cert mode.

Now the question arises why?

Basically there are some steps that we follow to change the security mode.

Like for Simple Mode: http://oracleoam.blogspot.com/2014/08/configure-simple-mode-communication-for.html


  • Here, say we don't provide the Global Passphrase password and just apply the rest of the changes. Then when we try to start the OHS Server, or any server using the webgate component, it will throw these exceptions.
Note:
  1. If you don't provide any password for the global passphrase, you still see the field as non-empty, but that value is junk. A valid password needs to be provided; it can be any password, but you have to provide one.
  2. During the SSL handshake with the OAM Server this password is passed along with other values. That's why it is important to provide one.


Enjoy :-)