R2 PS2: OHS WebGate 22.214.171.124.0 UnExpected HTTP-302 Redirects On Accessing Public Resources URLs (Webgate 126.96.36.199 Change Of Behaviour With Public Resources)
(Doc ID 1639420.1)
Last updated on JUNE 28, 2018
Applies to:Oracle Access Manager - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
On using OHS WebGate R2 PS2 (Webgate 184.108.40.206.x).
When you request an unprotected PUBLIC resource page, the browser is temporarily redirecting to the OAM login url as per HTTP-302 redirects found as onto uris paths of "/oam/server/obrareq.cgi?encquery..." and "/obrar.cgi?encreply..."
But then, the browser returns the requested public resource page instead of displaying any OAM login page.
So, there is no login prompt for user's authentication challenge as it is transparent on flows, but we can see those HTTP 302 redirects when collecting the HTTP Headers traces.
The issue with this is that it might affect some customers who are possibly relying and expecting on correct HTTP-200 code for LB Health-Check testing or some sort of things.
So, some customers might use this as for checking if the OHS is up and running, and/or to identify if Webgate and OHS are both functional by LB PING request on typical public resource url running on the OHS/Webgate instance.
So, in this case the Load Balancer will typically now receive an HTTP-302 redirect, instead of expected HTTP-200 OK, and hence the OHS instances are considered all down and LB service is interrupted.
For instance, the Load Balancer might use some /ohs-wg-keepalive.html as keep-alive url and this is configured in OAM server as being the unprotected PUBLIC resource.
So, LB periodically tests this page to verify if the OHS/Webgate is up and running. Since Load Balancer expects http-200, but now with the redirect behavior, the response is http-302.
Install or Upgrade to new release of OAM/Webgate R2 PS2 (aka OAM/Webgate 220.127.116.11.x)
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|