0 Replies. Latest reply: Nov 12, 2012 7:17 AM by user12109470

Unable to PASS Client SSL to Weblogic via WL Proxy Plugin and OHS-Webserver

user12109470 Newbie
Can someone please help me? I have been unable to get this working; working on this for almost 2-3 weeks now.
Problem Summary
---------------------------------------------------
Unable to PASS Client SSL to Weblogic via Weblogic Proxy Plugin and Webserver in front of WLS

Problem Description
---------------------------------------------------
We have a new requirement to validate Client's SSL certificate at the Application level and based on it, we take some decisions.
Our setup involves:
(1) Weblogic Side:
WLS 10.3.6 - 64 Bit on IBM AIX 64 Bit OS.
IBM JDK 6- 64 Bit
Weblogic Plugin Enabled at:
Domain-> Web Applications ->Client Cert Proxy Enabled
Domain-> Web Applications ->WebLogic Plugin Enabled
SSL Certificate Deployed on Managed Server ; custom identity and custom trust store (having all trusted root CA and also Customer's SSL)
SSL Port Enabled
Two Way SSL Authentication Enabled at Managed Server Level
NO CLUSTER; it is single managed server.

(2) ProxyPlugin & DMZ Server Level:

OracleHttpServer 11.1.1.6 - 64 Bit; enabled for two ssl authentication
SSL Engine ON
SSLVerifyClient require
SSLOptions FakeBasicAuth ExportCertData +StrictRequire
SSLWallet <TO-SOme-Path> # This has our key/public SSL/customer's trusted SSL etc

(3) Weblogic Plugin 1.1 - mod_wl_ohs
WLProxySSL ON
WLSSLWallet <SomePath>

The client uses XML request/response to use our application on https, sending their SSL certificates.

We don't find the Client's SSL passing from Proxy to WLS.
Header to WLS: [Content-Type]=[text/xml]
Header to WLS: [Authorization]=[Basic Q0VSVFRFU1R
Header to WLS: [User-Agent]=[Java/1.7.0_04]
Header to WLS: [Host]=[lt-101843.xxxx.com:44
Header to WLS: [Accept]=[text/html, image/gif, im
Header to WLS: [Content-Length]=[379]
Header to WLS: [Connection]=[Keep-Alive]
Header to WLS: [WL-Proxy-SSL]=[true]
Header to WLS: [X-Forwarded-For]=[10.1.10.180]
Header to WLS: [WL-Proxy-Client-Cert]=[] ###### Empty List ......................??????
Header to WLS: [WL-Proxy-Client-Keysize]=[128]
Header to WLS: [WL-Proxy-Client-Secretkeysize]=[1
Header to WLS: [WL-Proxy-Client-IP]=[10.1.10.180]
Header to WLS: [Proxy-Client-IP]=[10.1.10.180]
Header to WLS: [X-WebLogic-KeepAliveSecs]=[30]
Header to WLS: [X-WebLogic-Force-JVMID]=[unset]

The proxy log does not show any certificates being passed from Client Header to Proxy...

The client can, though, access the application on the weblogic; it is just that the application does not find any matching certificates and then it throws the error.
Client sends the certificates via XML request.

These are the headers seen in the proxy log:

2012-11-12T00:09:34.7549-05:00 <910413526969741> No of headers =9
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Content-Type]=[text/xml]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Authorization]=[Basic Q0VSVFRFU1RJTkdfQURNSU46YWJjMTIz]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:
=[XXX]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[company-code]=[YYYY]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[User-Agent]=[Java/1.7.0_04]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Host]=[lt-XXX.YYYY.com:4443]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Accept]=[text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Connection]=[keep-alive]
2012-11-12T00:09:34.7549-05:00 <910413526969741> Header from client:[Content-Length]=[379]

I would greatly appreciate any inputs.
Thanks in advance.

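A diagnostic for the symptom described in the post above, added here as an example (it is not part of the original post and not Oracle code): it parses plug-in debug log lines in the format quoted there and reports when `WL-Proxy-Client-Cert` reaches WLS missing, empty or malformed. The function names, the constructed sample log and the assumption that a populated header carries a base64-encoded DER certificate belong to this example.

```python
import base64
import re

# Line shape taken from the log excerpts in the post; values may be truncated
# (no closing bracket) or followed by an annotation, so stop at the first ']'.
HEADER_RE = re.compile(r"Header (to WLS|from client):\s*\[([^\]]+)\]=\[([^\]]*)")

def parse_headers(log_text):
    """Split logged headers by direction; header names are lower-cased."""
    out = {"to WLS": {}, "from client": {}}
    for line in log_text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            out[m.group(1)][m.group(2).lower()] = m.group(3).strip()
    return out

def looks_like_der_cert(value):
    """Assumption: the header holds base64 DER X.509, i.e. an ASN.1 SEQUENCE (0x30)."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    return len(raw) > 0 and raw[0] == 0x30

def diagnose(log_text):
    """Return a list of findings about client-certificate forwarding."""
    to_wls = parse_headers(log_text)["to WLS"]
    findings = []
    if to_wls.get("wl-proxy-ssl") != "true":
        findings.append("WL-Proxy-SSL is not 'true' on the request to WLS")
    cert = to_wls.get("wl-proxy-client-cert")
    if cert is None:
        findings.append("WL-Proxy-Client-Cert was not sent to WLS")
    elif cert == "":
        findings.append("WL-Proxy-Client-Cert is empty: no client certificate was forwarded")
    elif not looks_like_der_cert(cert):
        findings.append("WL-Proxy-Client-Cert is not a base64 DER certificate")
    return findings

# Constructed sample, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
<910413526969741> Header from client:[Content-Length]=[379]
Header to WLS: [WL-Proxy-SSL]=[true]
Header to WLS: [WL-Proxy-Client-Cert]=[] ###### Empty List
Header to WLS: [WL-Proxy-Client-Keysize]=[128]
"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```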