Tuesday, February 4, 2014

OAM WebGates in SELINUX environments

I have recently worked on OAM SSO integration issue in RHEL 6.3+ environment which is SELINUX enabled.
There is Apache 2.2 Server 64-bit and respective webgate is installed. After restarting the Apache Server, we are seeing the error messages given below:

 Oblix: 2014/02/03@20:20:41.155559#01115170#01115183#011ACCESS_GATE#011FATAL#0110x00001520#011/scratch/alnguyen/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433#011"Exception thrown during WebGate initialization"#011

 Oblix: 2014/02/03@20:20:41.161535#01115170#01115183#011ACCESS_GATE#011FATAL#0110x0000182A#011/scratch/alnguyen/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:434#011"An internal ObError exception was caught."#011raw_code^219#011

Essentially, the webgate is not working and hence the web page access is resulting with error "This webpage has a redirect loop".

We have tried to look below options:

  1. Upon enabling the webgate log in TRACE, nothing interesting was found except that webgate initialization error. Verified the webgate folder level permissions to match the web server user group permissions.
  2. Reconfigured the webgate using configureWebGate command.
  3. Verified the connectivity from WebGate to OAM host.
Finally, we found some denied errors in web server audit log while accessing the webgate protected pages. These errors are due to insufficient permissions at the Unix level. After modifying those permissions, webgate has started working fine.

I will post the Unix level changes made to fix the issue soon.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.