OAM 11g High Availability issue

classic Classic list List threaded Threaded
10 messages Options
Raghu Raghu
Reply | Threaded
Open this post in threaded view
|

OAM 11g High Availability issue

Hi,

We are using serverRequestCacheType as BASIC because RSA integration works only with this.
Still we need to achieve High Availability as well. We have two nodes.

The login fails first time, because request_id is generated in one node and username/password submission goes to other node.
We face issue with session stickiness as below:

When a protected resource is accessed, the request is first redirected to the URL "LoadBalancerHost/oam/server/obrareq.cgi"
At this point itself the session stickiness should start, Unfortunately It is not.

We are not seeing the OAM_JSESSIONID cookie ( from OAM weblogic server "OAM server" application) as well. Because of this, teh login fails first time always.

The stickiness start only from the second HTTP request. i.e. user submitting the login form to "/oam/server/auth_cred_submit"
After this point, OAM_JSESSIONID is established and available.

If I access a protected resource again from the same browser, the login is successful.
The session continues to be with the same OAM server afterwards for the same browser window.

can you please help with this issue ?

-Thanks,
Ram

chinniraviteja chinniraviteja
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Hi,

I guess for the first time request is not reaching weblogic server(May be cgi loading from webSever) . If request reaches weblogic server then only JSESSIONID will get create. Make sure that page is not served from cache. or try using custom login page by deploying war in weblogic.
 

Thanks and Regards,
Chinni
Raghu Raghu
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

 Hi
1. we are already using a custom login page only. It is in a .NET system separately.

2. At WL proxy log, we have noticed obrareq.cgi request is being forwarded to either of weblogic/OAM.
       Based on my understanding, it is actually not a CGI script as the name suggests now. Theu have done a java implementation already. "obrareq.cgi" just serves as a context name only and you can see teh java handlers configured in the weblogic.xml.
Anyway we will double confirm from OAM logs that this request reaches OAM/weblogic indeed.

- Thanks.

chinniraviteja chinniraviteja
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Hi,

Your understanding is correct obrareq.cgi is not CGI script it was just named as cgi.

Where do you have load balancer? is it before OHS servers or before OAM server?

Can you provide your architecture in more detail?

Thanks
Thanks and Regards,
Chinni
Ram Ram
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Hi,

We don't use OHS.

We use IIS 7.5. We use 10g-webgate.
In the same IIS, websites are created and using weblogic proxy plug-in iis_proxy.ini to do load balancing.
We are using ECC based authentication.

To answer you question, load balancer is before OAM servers.

Rgds,
Ram
chinniraviteja chinniraviteja
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Hi Ram,



As I understood this is the architecture. Please let me know if any changes are there. ?
Thanks and Regards,
Chinni
Usman Ali Shaik Usman Ali Shaik
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Any update on this please.

We are also building the OAM infrastructure. We have already build one OAM 11.1.2.2.0 and its integration is done with RSA AM 8.1 and its working fine.

Now, we have a plan to add second OAM instance in the same domain where the first OAM is running.

Should not it work without LoadBalancer and the sticky concept. Because, We will be having OAM two instances in same Weblogic Domain.

Is there any Officail Documentation from Oracle ? Please share it..
Ravitheja Chinni Ravitheja Chinni
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

Hi Usman,

You can add second OAM instance to same weblogic domain without any issue. You don't need any Load Balancer in this scenario, you need to need to update webgate parameters to add new OAM server.

Thanks !!!
veerendrayedlapalli veerendrayedlapalli
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

In reply to this post by Usman Ali Shaik
Hi Usman,

Please clarify the below

> Is your current OAM implemented as a cluster? like with 2 or more nodes in it?

> Are you trying to expand the existing OAM environemnt cluster  by adding one more OAM server to it?



On Thu, Nov 5, 2015 at 5:18 AM, Usman Ali Shaik [via IAM IDM Forum] <[hidden email]> wrote:
Any update on this please.

We are also building the OAM infrastructure. We have already build one OAM 11.1.2.2.0 and its integration is done with RSA AM 8.1 and its working fine.

Now, we have a plan to add second OAM instance in the same domain where the first OAM is running.

Should not it work without LoadBalancer and the sticky concept. Because, We will be having OAM two instances in same Weblogic Domain.

Is there any Officail Documentation from Oracle ? Please share it..


If you reply to this email, your message will be added to the discussion below:
http://forum.iamidm.com/OAM-11g-High-Availability-issue-tp31p130.html
To start a new topic under IAM IDM Forum, email [hidden email]
To unsubscribe from IAM IDM Forum, click here.
NAML



--
All glory comes from Daring To Begin

Veerendra Yedlapalli
Greg Genge Greg Genge
Reply | Threaded
Open this post in threaded view
|

Re: OAM 11g High Availability issue

In reply to this post by Raghu
Hitachi-ID uses an Active-Active High Availability loadsharing architecture where you can have 2, 3, or 7 geographically distributed servers. Has any other company offered this, and if not, I wonder why?