Forward parameters in reverse proxy configuration

Hi,
Looking at the detailed configuration in a reverse proxy rule in SJSWS, I have derived the following conclusions:
1) Where the SJSWS listener has SSL-enabled, reverse proxy works on a HTTPS in, HTTP out basis.
2) Details in the incoming request's SSL header, such as User DN, will be stripped out and remapped into the outgoing request as a custom header, e.g. "Proxy-user-dn".
Can anybody tell me if I have gotten anything wrong above?
We are currently switching over from an Apache/mod_proxy/mod_ssl --> Apache/mod_jk --> Apache Tomcat server setup to a hybrid model where SJSWS is the web server reverse proxying to Tomcat (old apps) and SJSAS (new apps).
My question:
All our apps use the User DN string as the user ID. Previously, we developed a custom module in Apache to read the DN at the Apache level and then rewrite it into the Basic Auth user name header in the outgoing request. The Tomcat webapp will then authenticate the user based on the Basic Auth user name property. Is it possible for me to remap it into something similar here in the SJSWS reverse proxy configuration?
Thanks!
Wong

I am not a reverse proxy expert, but this Object-type SAF should forward userdn
http://docs.sun.com/app/docs/doc/820-1062/6ncoqnq3b?l=en&a=view&q=forward-user-dn
You can look for more such SAFs in this document.

Similar Messages

SAP Webdispatcher - Reverse Proxy Configuration

Hi All,
Need your help in configuration SAP Webdispatcher as reverse proxy. Currently we are using Apache as reverse proxy, but we are facing 400 Bad Request error and not able to solve the issue.
So We are planning to install Webdispatcher and configure reverse proxy and test.
Below is the Apache Reverse proxy configuration. Need help in configuring the same parameters in SAP Webdispatcher
ProxyPass /sap http://srmerver:8000/sap
ProxyPass /SRM-MDM http://mdmserver:50100/SRM-MDM
ProxyPass /mdmimages http://portalserver:8090/mdmimages
ProxyPass /irj http://portalserver:50100/irj
ProxyPass /saml2 http://portalserver:50100/saml2
ProxyPass / http://portalserver:50100/　
ProxyPassReverse /sap http://srmserver:8000/sap
ProxyPassReverse /SRM-MDM http://mdmserver:50100/SRM-MDM
ProxyPassReverse /mdmimages http://portalserver:8090/mdmimages
ProxyPassReverse /irj http://portalserver:50100/irj
ProxyPassReverse /saml2 http://portalserver:50100/saml2
ProxyPassReverse / http://portalserver:50100/
Regards
Ponnusamy

Hi
Kindly refer the SCN link
How to...Configure SAP Webdispatcher as a reverse proxy
http://basisondemand.com/Documents/Whitepaper_on_SAP_Web_Dispatcher.pdf
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a015cea3-9627-2e10-a792-8f39e3d0b59d?QuickLink=index&…
Regards
Sriram

Reverse Proxy Configuration - Apache as an SSL reverse-proxy

Hi,
We have EP 6.0 SP 14 installed with SSL configured.
We are in need to open the application to internet.
For the same we have set up a reverse proxy server (Apache as SSL
Reverse Proxy).
Our requirement is to open the application to the internet with
web address https://abc.domain.com.
The issue is we are able to access the application from internet only when
https://abc.domain.com/irj/potal is typed.
(ie.) Mapping is working fine for
https://abc.domain.com/irj/portal to
our EP Portal address https://abc2.domain.com:50001/irj/portal
And not working for mapping https://abc.domain.com to our EP Portal
address https://abc2.domain.com:50001/irj/portal
We have been working on to resolve this issue for days together but have been really unsuccessful
Kindly help us in resolving the same asap.
Note : The references we used are:
1. SAP's document:
"Apache Reverse Proxy Configuration for J2ee 6.20 and 6.40 Web Applications"
2. Weblogs:
The Reverse Proxy Series -- Part 1: Introduction
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
The Reverse Proxy Series -- Part 3.1: Apache as an SSL reverse-proxy
Regards,
venkat.

Thanks much for the feedback. We're using the default settings on the HTTP rule we have set up for the portal on the ISA server. We'll be looking into the details of what the default rule settings are, however we did find a note in the Microsoft Knowledge base detailing with the ISA server screening high bits in URL strings for Outlook Web Access (OWA). This generates a similar error message. Here is the link to the detailed note on the Microsoft web site:
http://support.microsoft.com/?scid=kb;en-us;837865
Also,we are going to be applying the SP1 upgrade to the ISA server (released in March) to see if this might be some type of issue that may have been identified and corrected by the service pack. We'll see what happens with that.
One area where we can recreate the problem at will is when we set up the system landscape configuration. We can navigate to a system configuration object, however when we attempt to right click to edit the object we get the error. There are other circumstances where we get errors but that is one that occurs for sure. Anyone have any idea as to what might be special about that type of transaction??
Thanks again.
Rich

OHS to Weblogic Reverse Proxy configuration Problem

Hi,
Pls go through the following points and suggest.
1. I have an Access Manager in place and I need to integrate it with Webcenter and Oracle Identity Manager.
2. I have only one webserver in place which is reverse proxied for both the application servers(OIM as well as Webcenter) and only one webgate installed.
Can I achieve SSO with this architecture? My doubt is while specifying the challenge parameter in Access Manager,how can i specify it?

Thanks for the reply. Let me detail you regarding my configuration.
1. One webserver configured as reverse proxy for two app serrvers(weblogic1 for webcenter and weblogic2 for Identity manager)
2. My reverse proxy config in httpd.conf file are as follows
ProxyPass /webcenter http://app1:8888/webcenter
ProxyPassReverse /webcenter http://app1:8888/webcenter
ProxyPass /xlWebApp http://app2:7001/xlWebApp
ProxyPassReverse /xlWebApp http://app2:7001/xlWebApp
3. Created two policy domains for /webcenter and /xlWebApp and Iam using form based authentication scheme.
My Challenge parameters as follows:
form: /am_login/login.html (am_login.war is deployed on both app1 and app2)
creds:userid password
action:/dummy.cgi
Now the problem is whenever http://webserverhost:7777/webcenter is accessed,it should redirect to http://webserverhost:7777/am_login/login.html. But its not happening so reason being,after hitting the url it is not able to find the am_login.war in /webcenter on the appserver.Instead its deployed on the root "/" not inside "/webcenter".
Samething is happening for /xlWebApp too. Can you suggest some configuration which would make my things work?

Reverse Proxy Configuration Help

I am running OFM 11.1.1.6.
Web Cache is running on port 8888.
Portal's OHS (the WebCache origin server) is running on 7777.
Reports' OHS (for /reports/rwservlet) is running on 8890.
Non-Oracle Apache 2.2 is running as a reverse SSL proxy for Portal on port 443.
I want to configure this reverse proxy so that it appears to the end user that the reports server is also running in HTTPS on port 443, instead of on port 8890. Can anyone please give me a tip on how to set this up?
In my httpd.conf for my Apache reverse proxy server, I have this within my main SSL virtual host:
ProxyPassReverse / http://hostname:8888/
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/(.*) http://hostname:8888/$1 [P]Do I need to add an additional virtual host for the proxy to the reports server? Or can I include it in this same virtual host? I've tried the following, but couldn't get it to work:
ProxyPassReverse /reports/rwservlet/ http://hostname:8890/reports/rwservlet/
ProxyPassReverse / http://hostname:8888/
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/reports/rwservlet/(.*) http://hostname:8890/reports/rwservlet/$1 [P]
RewriteRule ^/(.*) http://hostname:8888/$1 [P]Any guidance is appreciated.

In case anyone finds this, this is how I got it all working:
In httpd.conf for the Apache reverse proxy:
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/reports/(.*) http://hostname:8890/reports/$1 [P]
ProxyPassReverse /reports http://hostname:8890/reports
RewriteRule ^/(.*) http://hostname:8888/$1 [P]
ProxyPassReverse / http://hostname:8888/In the Portal OHS's httpd.conf:
NameVirtualHost *:7777
<VirtualHost *:7777>
     ServerName https://hostname
     RewriteEngine On
     RewriteOptions inherit
     UseCanonicalName On
     OssoConfigFile E:/ora11/product/portal_instance/config/OHS/ohs1/osso/osso_ssl.conf
     OssoIpCheck off
     OssoSecureCookies off
     OssoIdleTimeout off
</VirtualHost>In the reports server's httpd.conf:
NameVirtualHost *:8890
<VirtualHost *:8890>
     ServerName https://hostname
     RewriteEngine On
     RewriteOptions inherit
     UseCanonicalName On
     OssoConfigFile E:/ora11/product/reports_instance/config/OHS/ohs1/osso.conf
     OssoIpCheck off
     OssoSecureCookies off
     OssoIdleTimeout off
</VirtualHost>You can use the same osso.conf for both reports and portal. Make sure to register with SSO specifying https://hostname as the registered URL.

Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui

Dear Experts,
I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank you

hi,
pls check the below links for reference:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
.2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
Note:please reward points if solution found helpfull
Regards
Chandrakanth.k

Printing Issue from ITS with a Reverse Proxy Configured

Hi experts,
We have an enterprise portal landscape which can be accessed from the internet. The URLs are mapped using apache server as a reverse proxy. Also, we have configured the reverse proxy settings for accessing R/3 systems.
When the users try to take the print out from the ITS Web GUI accessed through the enterprise portal, the page redirects itself to an only internally resolvable host name of the R/3 ITS.
Due to this issue, users are not able to take prints from internet.
I would like to know if there is any way by which i can change this to my externally resolvable reverse proxy host address, which in turn can be mapped internally to the original host name at the reverse proxy level.
Can any one help me out in this?
Thanks a lot
Shobin

Hi Shobin,
SAP note 1145306 might provide some help about directives to be used.
Regards,
Dieter

Reverse Proxy configuration

Hi ,
Shall I know to configure the reverse proxy server in DMZ along with HTTPS to HTTP redirection.
Regards,
Satyanarayana

Please check, this is specific to Oracle EBS, but good doc to understand on Reverse Proxy
Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - R12 (Doc ID 726953.1)

SAPUI5 app and Reverse proxy configuration

Hi
Im trying to configure proxyserver for Cross origin resource sharing issue.
The below steps i have configured in my machine.
1. I have developed an application which consumes data through odata.
2. Download and configured Apache server and enabled proxy module as per this url
http://scn.sap.com/community/developer-center/front-end/blog/2013/06/29/solving-same-origin-policy-issue-in-different-ways
3. In httpd.config file added the below reverse proxy setup
ProxyPass /poodata http://HOSTNAME:8000/sap/opu/odata/sap/Z_PORDER_SRV/
ProxyPassReverse /poodata http://HOSTNAME:8000/sap/opu/odata/sap/Z_PORDER_SRV/
4. Changed my service url as
var serviceUrl = "proxy/http/localhost/poodata";
5. Also i have added java-property-utils-1.9.jar and cors-filter-1.8.jar then
in web.xml i have added Eventhough its seems not neccessary.
<filter>
<display-name>CacheControlFilter</display-name>
<filter-name>CacheControlFilter</filter-name>
<filter-class>com.sap.ui5.resource.CacheControlFilter</filter-class>
</filter>
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
6. Finally when i am executing the application throgh http://localhost:9080/SamplePO/ Its working. But Instead of localhost when im using IP address it shows NO DATA and throws the "500 internal server error - only allowed for local testing"
also the application is trying to fetch data from 'http://10.130.41.158:9080/SamplePO/proxy/http/localhost/poodata/$metadata' where the location should be 'http/localhost/poodata/$metadata'.
I want to access this application in my iPAD through WIFI by passing IP address followed by application name (http://10.130.41.158:9080/SamplePO).
Please help me to fix this issue.
Regards
Yokesvaran Kumarasamy

Hi Michael Herzog / DJ Adams / Frank Welz,
It seems you have v.good knowledge on this, can you please help with this issue.
Thanks in Advance
Regards
Yokesvaran Kumarasamy

Reverse Proxy Configuration - (HPVM Guest) - 11iV3

Hello Unix Champs,
On 11iV3 - Vm Guest - we want to configure this server as reverse proxy
Please share step by step procedure/documents to do same.
Thanks in advance
Regards,
Prashant Behal

Hi,
In addition to Luca's comment in order to determine if the farm is actually working correctly in the first instance, did you disable or remove the old server farm?
Can you also confirm that there are no static routes in place on the IIS ARR box?
Kind regards
Ben
Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.

Reverse Proxy Configuration - HPVM (Guest)

Hello Unix Champs,
On 11iV3 - Vm Guest - we want to configure this server as reverse proxy
Please share step by step procedure/documents to do same.
Thanks in advance
Regards,
Prashant Behal

Assuming your webserver is apache, you have to make the apache proxy-aware. This can be done statically (while building apache from source with --with-proxy option) or dynamically with a LoadModule directive.
Once the above is done, you will need to write these directives in the apache httpd.conf:
ProxyEnable Off
ProxyPass /localurl remote-url
ProxyPassReverse....
In the OAM config, protect /localurl.
For other webservers, read the documentation of that webserver.
Hope this helps.

Reverse Proxy Configuration help Needed

Hi,
What steps should i follow if i have both Sun Web Server 6.1.
Web Server 1 - http://192.168.20.40:768 (Want to use this as reverse proxy)
Web Server 2 - http://201.192.30.20:1010
Can anyone please guide me what changes i should do in obj.conf and magnus.conf.
Add this line in Magnus.conf
Init fn="load-modules" shlib="/appl/sunjs/SUNWwbsvr/plugins/passthrough/libpassthrough.so"
This libpassthrough.so location is in the Server 1.
Add the below line in obj.conf
<Object name="passthrough">
Service fn="service-passthrough" servers="http://team.yahoo.co.nz:1010"
</Object>
Do i need to do any changes to the obj.conf and magnus.conf in the Server 2.
Please let me know if i am going wrong.
Regards,

Hi,
Reverse Proxy Web Server - http://Sol9-dev.uname.yahoo.co.nz:8002
All request Want to redirect to - http://Sol10-dev.uname.yahoo.co.nz:8080
Obj.Conf
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/amserver(|/*)" name="reverse-proxy"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn=pfx2dir from=/mc-icons dir="/appl/sunjs/SUNWwbsvr/ns-icons" name="es-internal"
NameTrans fn=document-root root="$docroot"
PathCheck fn=unix-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
PathCheck fn=validate_session_policy
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Service method=TRACE fn=service-trace
Error fn="error-j2ee"
AddLog fn=flex-log name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="send-compressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object ppath="*/dummypost/sunpostpreserve*">
Service type=text/* method=(GET) fn=append_post_data
</Object>
<Object ppath="*/UpdateAgentCacheServlet*">
Service type=text/* method=(POST) fn=process_notification
</Object>
<Object name="reverse-proxy">
Service fn="service-passthrough" servers="http://sol10-dev.uname.yahoo.co.nz:8080"
</Object>
Log Messages
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/, ntrans-j2ee reports: directory listing for context "/amserver"
[22/Apr/2008:13:36:11] fine ( 4761): GET requests for virtual server https-Sol9-dev-pa.uname.yahoo.co.nz can safely bypass ACL checks
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html" from http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol10-dev.uname.yahoo.co.nz:8002/amserver/UI/Login" from http://Sol10-dev.uname.yahoo.co.nz:8080
Now i do not have anything in the reverse proxy server /amserver apart from the index.html (http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html)
I guess i do not need to have the same application on the reverse proxy as of the original server where i am redirecting.
Hope to find a solution soon.
Thanks for all your help.
Reagrds,

How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
to Public URL = "proxy URL".
In Host Named Site Collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
URL is associated. This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
point HNSC to respond to a different URL(proxy URL). Consequently, Share Point URLs are exposed to external users.
Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If hiding the internal Share Point URLS is a requirement,
it suggests to use a web application instead of host named site collections.
Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
Excerpt from above article-
"Host Named Site Collections Only Use One Host Name
Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

Hi Satish,
You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
It is by design that each host-name site collection only support one URL for each zone.
The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
https://support.microsoft.com/en-us/kb/2826457
So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
Best regards.
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Implementing a Reverse Proxy Alone in a DMZ Configuration....???

Hii All ,
have anybody implemented this configuration..??
Implementing a Reverse Proxy Alone in a DMZ Configuration - R12 [ID 726953.1]
we planning to implement this configuration, please guide me if anybdy implemented and working with this configuration.
Thanks
RB

Hi,
1)in that document they have used 10g webcache as reverse proxy... but in my case already modproxy in place can i use this modproxy in place of 10g webcache..?A number of options exist for choosing a reverse proxy -- See (Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]), Appendix D: Reverse Proxy Configuration
It is also explained in this article.
In-Depth: Demilitarized Zones and the E-Business Suite
http://blogs.oracle.com/stevenChan/2006/05/indepth_demilitarized_zones_an.html
2)i have 2 web nodes loadbalancing through reverseproxy, do i need to configure the external web node on both the web nodes ..according to the above doc..?You do not need to have a dedicated reverse proxy for each web tier node (see the second diagram in this doc).
Advanced Deployment Architectures for Oracle E-Business Suite (OpenWorld 2008 Recap)
http://blogs.oracle.com/stevenChan/2008/11/advanced_deployment_architectures_for_oracle_ebs.html
Thanks,
Hussein

B2B-51075 Missing signer certificate receiving AS2 through reverse proxy

We are setting up AS2 communication through B2B on 11.1.1.6.7, Our reverse proxy configuration in the DMZ looks as shown:
<Location /b2b/httpReceiver>
WebLogicHost internalsoa.domain
   WebLogicPort 8001
   WLLogFile /dmz/logs/wl-proxy.log
   SetHandler weblogic-handler
</Location>
https://externaledi.domain/b2b/httpReceiver
-Dhttp.proxySet=true -Dhttp.proxyHost=externaledi.domain -Dhttp.proxyPort=443
When I go to the externally available URL, I receive the B2B Server is ready to accept HTTP messages from the Trading Partner message.
In the TRACE:32 logging, I see:
[2014-01-10T09:20:30.551-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] Utility:getAllCertsFromWallet:Loaded Certs 5
[2014-01-10T09:20:30.553-08:00] [soa_server1] [ERROR] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [APP: soa-infra] java.lang.NullPointerException[[
        at oracle.tip.b2b.packaging.SmimeSecureMessaging.verify(SmimeSecureMessaging.java:834)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processSignedMultipartMessage(MimePackaging.java:1080)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processMultipartMessage(MimePackaging.java:908)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processMessageContent(MimePackaging.java:865)
        at oracle.tip.b2b.packaging.mime.MimePackaging.doUnpack(MimePackaging.java:780)
        at oracle.tip.b2b.packaging.mime.MimePackaging.unpack(MimePackaging.java:670)
        at oracle.tip.b2b.engine.Engine.processIncomingMessageImpl(Engine.java:1888)
        at oracle.tip.b2b.engine.Engine.processIncomingMessage(Engine.java:1654)
        at oracle.tip.b2b.transport.InterfaceListener.onMessageLocal(InterfaceListener.java:412)
        at oracle.tip.b2b.transport.InterfaceListener.onMessage(InterfaceListener.java:220)
        at oracle.tip.b2b.transport.basic.TransportServlet.doPost(TransportServlet.java:754)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
        at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
java.lang.NullPointerException
        at oracle.tip.b2b.packaging.SmimeSecureMessaging.verify(SmimeSecureMessaging.java:834)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processSignedMultipartMessage(MimePackaging.java:1080)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processMultipartMessage(MimePackaging.java:908)
        at oracle.tip.b2b.packaging.mime.MimePackaging.processMessageContent(MimePackaging.java:865)
        at oracle.tip.b2b.packaging.mime.MimePackaging.doUnpack(MimePackaging.java:780)
        at oracle.tip.b2b.packaging.mime.MimePackaging.unpack(MimePackaging.java:670)
        at oracle.tip.b2b.engine.Engine.processIncomingMessageImpl(Engine.java:1888)
        at oracle.tip.b2b.engine.Engine.processIncomingMessage(Engine.java:1654)
        at oracle.tip.b2b.transport.InterfaceListener.onMessageLocal(InterfaceListener.java:412)
        at oracle.tip.b2b.transport.InterfaceListener.onMessage(InterfaceListener.java:220)
        at oracle.tip.b2b.transport.basic.TransportServlet.doPost(TransportServlet.java:754)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
        at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
[2014-01-10T09:20:30.553-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] MimePackaging:processSignedMultipartMessage:Signature Verification failed
[2014-01-10T09:20:30.585-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] Notification: notifyApp: payload = <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[[
<correlationId>null</correlationId>
<b2bMessageId>0A0A117A1437D2B5D520000017198417</b2bMessageId>
<errorCode>B2B-51075</errorCode>
<errorText>
<![CDATA[Missing signer certificate.
]]>
We used the following notes to guide the configuration:
http://blog.darwin-it.nl/2012/11/b2b11g-with-apache-20-as-forward-proxy.html
http://anuj-dwivedi.blogspot.sg/2010/10/enabling-ssl-on-oracle-b2b-11g.html
Has anyone gotten AS2 communication to work through a reverse proxy? We are not picking up any agreements or senders in the B2BConsole reports.
Thanks,
-Michael

It turns out the trading partner provided the incorrect certificate. Once they sent a new certificate (must be the one they use for signing), everything worked.

Forward parameters in reverse proxy configuration

Similar Messages

Maybe you are looking for