WebLogic: HTTPs Traffic Is Reverted Back To HTTP

[Soumen]

We are currently in the process of migrating from IBm WebSphere to WebLogic 12c. We have the WebLogic servers configured sucessfully for the HTML instances. However we are having issues accessing these HTML instances through the Load Balancer (Citrix NetScaler).

The issue is as described below:

When an HTML client user attempts to login to EnterpriseOne, they connect to the following URL:
https://abcxyz.ssss.com/jde/E1Menu.maf

While it does shows the JDE Login page and the user can log in to JDE but it reverts the URL back to http.

The way we have the SSL setup is we are using SSL Offloading at the load balancer (Citrix NetScaler). Only the traffic from the client to the NetScaler is using SSL. The channel from the NetScaler to the Oracle HTTP server is NOT using SSL.


Now in WebSphere we had this similar issue and we fixed it by reffering to the Doc ID 1596421.1. We bascially added an entry for the httpsIndicatorHeader as documented in the doc and it works for us.

Do we need a similar setup in WebLogic to make it work? If yes what is the required setup/config that needs to be done?

Oracle WebLogic 12.1.3
Windows 2012 R2
JDE E1 9.1
TR 9.1.5.5

Thanks,
Soumen

 

[RussellCodlin]

http://www.ateam-oracle.com/wls-plugin-enabled/

This article should help. Basically go to the General tab on the Server instance configuration page and expand the Advanced section at the bottom. Change WebLogin Plug-In Enabled from Default to Yes and restart the instance.

 

[Soumen]

Thanks Russell. Yes I have seen that article but just enabling the WebPlugin did not help. I made sure the WebLogic Plugin is enabled at the Domain level. And then on the managed JAS server under Advanced, checked the WebLogic Plug-In Enabled checkbox.

This did not help and the URL still reverts back to http upon login.

So I further looked and found this article which I still need to test. Basically it asks to do the following ...

http://fusionsecurity.blogspot.com/2011/04/ssl-offloading-and-weblogic-server.html

On the WebLogic Server:

1. Enabled Plug-in
2. Added .. “WLProxySSLPassThrough ON” on the mod_wl_ohs.conf config files.

On the NetScaler side:

Add a policy to enable header for
WL-Proxy-SSL: true

But I am yet to test this as I am waiting for the NetScaler changes to be done by my Infra guy ... who is taking his own sweet time.

I was hoping somebody on the forum must have done this and if they could give some additional pointers.

 

[RussellCodlin]

Can't comment specifically on the Netscalers but basically on the reverse proxy/load balancer side you'll need to ensure:

• You preserve the request host - ie don't let it change the Host header to be the destination
• You are hitting the root context ie point https://jde.example.com/ at http://jde.weblogic.local:8080/ not http://jde.weblogic.local:8080/jde/ unless you want to turn on rewrites which is generally a pain
• Add WL-Proxy-SSL=true to the request header

On the WebLogic side just enable the plugin either at the domain or server level. Obviously if you running OHS you'll need to apply basically the same settings as above or use their WL module which you've referenced.