Single sign-on in weblogic cluster?

Similar Messages

• NTLM and Single Sign On with WebLogic 8.1

  Hi guys,
  I've only been using WebLogic for about 3 weeks now, I have developed a small web app using servlets and need to add "single sign-on" functionality to it. One of my colleagues advised me to use NTLM, but he doesnt have any experience in implementing it with WebLogic.
  Could anyone send me some instructions or directions? Sample code maybe? I dont have much experience with security.
  Thanks guys,
  Tommy

  Hi Tommy,
  I used to work for a security company that built an off-the-shelf product that did NTLM SSO (along with SPNEGO), so I feel that I can give you a little bit of advice here. If you want a quick solution, buy it from Quest. The product is called Vintela SSO. If you want to actual build this your self however, I have given a rough guide of how to start.
  Essentially, you will need to develop new Identity Assertion and Authentication provider MBeans. There are guides on how to do this in the WebLogic SSPI documentation.
  http://edocs.bea.com/wls/docs81/dvspisec/index.html
  The Authentication provider should be pretty trivial (just making mappings from autheticated users to roles), but the Identity Assertion provider is a whole other kettle of fish. You will need to do some serious reading on NTLM:
  http://davenport.sourceforge.net/ntlm.html#whatIsNtlm
  You will also need to pickup a copy of an NTLMSSP java library. You can get one called jCIFS from http://jcifs.samba.org/
  Your identity assertion provider needs to parse the NTLM credential from the WWWAuthenticate line in a HTTP Request from IE. You then need to validate the token using JCIFs. You then use JAAS to create a JAAS Login Principal that is passed to the new Authentication Provider which will match the authenticate user against groups. Then you slip to the normal SSPI role-mapping process from there.
  Once you have created the new providers, you need to wrap them in JMX MBeans so that WebLogic can use them.
  This is all going to be quite a big job to implement.

• Deploying OracleAS Single Sign-On Server Cluster setup with a Proxy Server

  I have a question regarding setting up a OracleAS Single Sign-On Server in a cluster mode along with a Apache Proxy Server.
  Step1 - I'm planning to install OracleAS Single Sign-On Server on two nodes sso1.oracle.com and sso2.oracle.com in a Cluster. Both the nodes in the cluster accesed via Load balancer i.e sso.oracle.com.
  Step2 - Then I'm planning to setup two Apache Servers as Proxy Server i.e apache1.oracle.com and apache2.oracle.com. These two apache servers are accessed via Load balancer i.e apache.oracle.com
  The question I have is
  1)while setting up OracleAS Single Sign-On cluster I would provide Load balancer host i.e sso.oracle.com as part of the install. So that all the user requests coming to sso1.oracle.com/sso2.oracle.com get redirected back to Load balancer.
  2)But as part of the Apache Server proxy setup I am also supposed to redirect from SSO server to apache.oracle.com
  But using ssocfg.sh I can only provide either sso.oracle.com or apache.oracle.com NOT BOTH.
  In this case what I should
  1) avoid redirecting to sso.oracle.com instead redirect only to apache server OR are there any other methods to configure.
  I have above setup working fine in DEV environment, where there is only one sso server and one apache proxy server. Problem really comes when I go for setting OSSO server as a cluster in this case I have to redirect to load balancer as well as proxy server?

  why not using webcacheclustering between the apache and the 2 sso's?

• ALUI 6.5 on Weblogic 10 - Single Sign-On Options

  We have ALUI 6.5 portal running on Windows 2003 in a Weblogic 10.0 MP1 environment. The portal is configured with Active Directory Authentication Source. Logging in with AD credentials to the Auth. Source works fine. What are our options to implement single sign-on in this environment? Do we need to use kerberos identification for Weblogic? If so, how does WL pass this over to ALUI?
  Any information in this area is highly appreciated.

  Sanjay - thanks for this information. This is getting us closer to find a solution. We have the IIS to Weblogic plugin configured and it is now proxying requests to Weblogic, for instance, http://server/portal/server.pt is proxying the request to server:7001/portal/server.pt. We have set the authentication source within ALUI to use "sync with auth partner" and set the auth. partner to "SSO authentication source".
  What we are completely not clear about is the CustomSSO header to accept the user name sent to the portal. Do you mean the section that starts with portal:SSOVendor (see below). Do we also change the values for the NameHeader, PrefixHeader, etc? With the settings as is, the error we are seeing is "SSO integration returned a null username. Exiting SSOLoginPage".
  <component name="portal:SSOVendor" type="http://www.plumtree.com/config/component/types/portal/ssovendor">
            <setting name="UseRemoteUser">
                 <value xsi:type="xsd:integer">1</value>
            </setting>
            <setting name="NameHeader">
                 <value xsi:type="xsd:string">PT_USERNAME</value>
            </setting>
            <setting name="PrefixHeader">
                 <value xsi:type="xsd:string">PT_DOMAIN</value>
            </setting>
            <setting name="PasswordHeader">
                 <value xsi:type="xsd:string">PT_PASSWORD</value>
            </setting>
            <setting name="Cookie">
                 <value xsi:type="xsd:string">PT_SECURE_COOKIE</value>
            </setting>
            <setting name="SecureHeader">
                 <value xsi:type="xsd:string">PT_</value>
            </setting>
            <setting name="LogoutURL">
                 <value xsi:type="xsd:string"></value>
            </setting>
  <clients>
  <client name="portal"/>
  </clients>
  </component>
  Thanks for your input into this.

• Single Sign-On using SAML in WebLogic Server 10.3

  I followed Vikrant Sawant's tutorial on how to configure single sign-on (SSO) with SAML in WebLogic (http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html) but am being forced to re-authenticate when going from Domain B back to Domain A. I'd appreciate any help or suggestions.
  I posted a question in the General forum here:
  Single Sign-On using SAML in WebLogic Server 10.3

  I too am facing the same problem SSO with SAML - Session on Source Site killed after landing on Destination
  Thanks
  Togotutor
  <b><a class="jive-link-external" href="http://www.togotutor.com">http://www.togotutor.com</a> (Learn Programming and Administration for Free)</b>
  Edited by: user7507600 on Sep 17, 2010 10:01 AM

• Single-Sign with Essbase and WebLogic

  Hi,I am trying to achieve a single sign-on between my WebLogic application and Essbase. I am looking at the new security platform API but I don't quite understand how that achieves single sign-on.The API requires me to authenticate the user with a username/password first before I can get the token, but the user is already authenticated by WebLogic and there is no way to get the password (SSL with form authentication).Does the security platform not cover this scenario? Thanks,- Robert

  For System 9, I think SiteMinder comes close to what the OP wants, but it does not apply to fat client tools.
  See http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_cas_help/ch02s03.html for the encouraging bits and http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_cas_help/ch02s03s01.html for the discouraging bits.
  But it comes close.
  System 11 expands the number of SSO hosts, but alas, also seems to not support fat clients: http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_security/cas_help.htm
  So, access to Workspace is easy, but the classic add-in and SV are still not there.
  Regards,
  Cameron Lackpour

• Single Sign on using SAML between JWS application and Web Application

  Hi,
  We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
  Thanks,
  Rama

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• Single sign-on and different usernames and passwords

  Hello,
  I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
  information about the background of single sign-on.
  I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
  user for the first login to the portal (with username and password).
  Now I would like to integrate my webmail-programm (to get emails from
  Lotus Notes via Internet) as a portlet.
  For my understanding the user has to authorizate to get access to webmail.
  Therefore I create a ACL for webmail and this ACL is assigned to my
  security Realm.
  I would like the portlet to show after login the number of mails for the
  specific user. But where are the username and password for webmail stored
  and how are they received and forwarded?
  I understand that my ACL included all users that have access to webmail
  (i.e. all users). But I only want emails for the specific user.
  Does WLS get all usernames and passwords while the first login? Do I have to
  implement a algorithmen to get the specific username and password for the
  requested resource in my portlet?
  Has anyone solved a similar problem or can tell me where I can get more
  information. I read the WebLogic Security document but I cant find a
  answer to my questions.
  Thanks
  Lydia

  Lydia,
  I'm not an expert in this area, but I can give you a start.
  As for single sign-on, there are different levels. For single sign-on across web-apps,
  the servlet spec requires this (section 12.6 of th 2.3 spec) and therefore Weblogic
  does this.
  What you are talking about is single sign-on across back-end applications through
  a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
  kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
  at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
  with their SiteMinder product. Neither is included in the Weblogic license. I'm
  sure either vendor would be excited to explain how their product will solve your
  problem if you give them a call.
  As for where the username and passwords are stored, that is up to the realm. If
  you are using the default WLPS RDBMSRealm, the username and encrypted password
  are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
  in your LDAP server.
  Hope this was useful!
  PJL
  [email protected] wrote:
  Hello,
  I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
  Now I try to unterstand the functionality of Single sign-on when a user
  has different usernames and passwords for different applications.
  Can someone explain where the usernames and passwords for a user are
  stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
  application how username and passwords are mapped? Or usernames and
  passwords for all applications are the same and will be equalized?
  Precisely I would like to get access to a mail-account for a specific
  user
  (webmail from Lotus Notes).
  Thanks for any help
  Lydia

• Single sign-on and custom DBLoginModule

  Hi,
  I need help in making sso work. I have Application Server version 10.1.3.1.0, I've developed application in JDeveloper 10.1.3.3. that uses form based login and when deployed to server I can normally login/logout. Now I want to enable single sign on, so I've changed security provider of javasso to the one I'm using in my application (oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule) and started javasso, added my application to participating applications, and restarted the instance.
  When I try to access my application, login page of javasso is shown but I cannot login, always get incorrect username/password. The strange thing is that logs are empty, so i guess that dblogin module is never fired.
  Also I've changed my login method so it supports identity callback, like described in here .
  This Re: Custom Login Module and JavaSSO said that orion-application.xml of my application and javasso should be the same, I haven't figured out what should I do with javasso orion-application.xml and how sould it look like.
  this is orion-application.xml of my application
  <?xml version = '1.0' encoding = 'windows-1250'?>
  <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
  <library path="./adf"></library>
  <jazn location="./jazn-data.xml" provider="XML"/>
      <data-sources path="./data-sources.xml"/>
  <jazn-loginconfig>
       <application>
            <name>secure-web-app</name>
            <login-modules>
                 <login-module>
                      <class>oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule</class>
                      <control-flag>required</control-flag>
                      <options>
                           <option>
                                <name>data_source_name</name>
                                <value>jdbc/WMSPortalDS</value>
                           </option>
                           <option>
                                <name>debug</name>
                                <value>true</value>
                           </option>
                           <option>
                                <name>plsql_procedure</name>
                                <value>PK_SECURITY.GET_USER_AUTHENTICATION</value>
                           </option>
                           <option>
                                <name>log_level</name>
                                <value>ALL</value>
                           </option>
                      </options>
                 </login-module>
            </login-modules>
       </application>
  </jazn-loginconfig>        
  </orion-application>this is orion-application.xml of javasso
  <?xml version = '1.0' encoding = 'utf-8'?>
  <orion-application
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"
      schema-major-version="10"
      schema-minor-version="0"
      component-classification="internal">
  <security-role-mapping name="{{PUBLIC}}">
      <group name="{{PUBLIC}}" />
  </security-role-mapping>
  <jazn provider="XML">
  </jazn>
  </orion-application>Please help, this is very urgent to me, all advices and guide lines are more than welcome.
  Thanks in advance,
  Tomislav.

  To be clear maybe someone will help.
  I have a cluster topology, with one application server and 3 oc4j instances.
  I've done following steps and without success, on my test instance:
  1. Deployed application with custom DBLogin (I'm using: oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule)
  2. Sucessfully login / logout -> so I guess DBLogin is working fine
  3. Stopped the java sso application
  4. Changed the javasso Security Provider to my custom DBLogin with following parameters:
  class: oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule
  data_source_name - jdbc/WMSPortalDS
  log_level - ALL
  plsql_procedure - PK_SECURITY.GET_USER_AUTHENTICATION
  debug - true
  5. Added Connection Pool and Data Source in javasso Administration -> JDBC -> tested connections and it was sucessful
  6. Started javasso application
  7. Then I went to Java SSO Configuration -> Participating applications -> checked my application
  8. Restarted instance
  9. Try to login -> invalid username / password
  In enerprise manager Log files -> javasso -> there are only messages regarding starting and stopping application
  Questions:
  1. orion-application.xml for javasso -> what exactly needs to be specified inside, currently I have following:
  <?xml version="1.0"?>
  <orion-application  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"  deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" component-classification="internal"
    schema-major-version="10" schema-minor-version="0" >
          <web-module id="javasso-web" path="javasso-web.war" />
          <security-role-mapping name="{{PUBLIC}}">
                  <group name="{{PUBLIC}}" />
          </security-role-mapping>
          <persistence path="persistence" />
          <jazn provider="XML">
                  <property name="custom.loginmodule.provider" value="true" />
                  <property name="role.mapping.dynamic" value="true" />
          </jazn>
          <log>
                  <file path="application.log" />
          </log>
          <data-sources path="./data-sources.xml" />
  </orion-application>2. orion-application.xml for my application
  <?xml version="1.0"?>
  <orion-application  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"  deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" see-parent-data-sources="false" component-classification="external"
    schema-major-version="10" schema-minor-version="0" >
          <web-module id="Portal" path="Portal.war" />
          <persistence path="persistence" />
          <library path="./adf" />
          <jazn provider="XML" location="jazn-data.xml" default-realm="jazn.com" >
                  <property name="custom.loginmodule.provider" value="true" />
                  <property name="role.mapping.dynamic" value="true" />
                  <jazn-web-app auth-method="CUSTOM_AUTH" />
          </jazn>
          <log>
                  <file path="application.log" />
          </log>
          <data-sources path="./data-sources.xml" />
  </orion-application>3. How to get any information into logs, I cannot find out what I'm doing wrong since there's no output in logs for javasso and my application.
  Please help, I'm really stuck and I have to resolve this as soon as possible.
  Thanks in advance,
  Tomislav.

• Single Sign-on and SSL problems

  We are using WebLogic Portal and Server (version 8.1 SP3). We want to have a single sign-on when entering the portal, so that users do not need to reauthenticate each time they access an application via an applet in the portal. We also want to protect the username/password authentication and all other connection information using SSL. We have applications in multiple domains.
  When not using SSL, SSO works okay. We are challenged for username/password exactly once, whether we access the Portal, or an application directly. As soon as we enable SSL, we are challenged repeatedly, and in some cases cannot access the applications at all, as the challenge always fails.
  We suspect that there is a Session cookie problem and that something is clobering the cookie and thus breaking the session. Does anyone have any idea on what might be causing the problem?

  Hi Derick,
  I want to make our discussion into 2 parts
  1) Sign on
  2) Viewing data based on the Heirarchy
  1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
  2) We can make the second point possible in two ways One is with providing restriction at universe level
  and the other one is through the use of flash variables.
  Using flash variables:
  The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
  I hope this is what you ar looking for....
  If so i have more points to acheive such scenario.
  Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
  Regards,
  AnjaniKumar C.A.

• Using weblogic.cluster.singleton.SingletonService

  We have written a Singleton class implementing this interface
  weblogic.cluster.singleton.SingletonService
  http://otndnld.oracle.co.jp/document/products/wls/docs100/javadocs/weblogic/cluster/singleton/SingletonService.html
  and have seen on one occasion a thread dump which shows 2 instances of the class actively running at the same time
  the docs say
  This interface defines a stateless lightweight singeton service that has the following contract:
  Activate is invoked on one and only one server in a cluster
  The question is whether this implies there is only one instance within that server at any time, or can multiple exist?

  No, only one instance will be started at one single managed server in the cluster.

• Weblogic cluster for 24x7 environment and a front OHS server

  Hi experts,
  We are going to set up a reliable J2EE application server environment by using clustering webgoic servers on TWO nodes, and a front OHS https server in DMZ for load balancing.
  I am new to weblogic cluster and load balance by OHS. I have visited this forum for Fusion MiddleWare clustering etc. Can some experts share some light on this?
  Will our deployment architecture be able to handle the J2EE applications failover? In other word, we can restart one of Weblogic Managed Servers when a new release of J2EE codes are re-deployed without impacting business end users’s usage?
  Problems we want to solve:
  1. All J2EE applications are available for 24x7 even when new J2EE codes are released and deployed on weblogic Managed Servers ANY TIME, side-by-side deployment and restart a managed server if we need to clean the HTTP cache.
  2. The J2EE applications should be accessed by external and internal users with a Single Access Point, like
  https://apps.company1.com/j2ee1
  https://apps.company2.com/j2ee1
  https://apps.company1.com/j2ee2
  https://apps.company2.com/j2ee2
  All J2EE applications (j2ee1, j2ee2, j2ee3 etc) should be deployed on both of weblogic Servers in a cluster, and pointing to a SAME backend database.
  Can some experts share with us the best practices on components and configurations? Thanks.

  Seems your architecture is like Browser => OHS ( DMZ ) => Weblogic => DB OR Browser => HLB( like bigip ) => OHS ( DMZ ) => Weblogic => DB
  Cluster is the solution for load balancing however if you are using OHS for redirection to weblogic then OHS does the load balancing in round robin way. using cluster in this way has a benefit of in case of any one of your managed server is down the OHS will divert connection request to any one of the active managed server ( you have to turn on dynamic list on at OHS ).
  http://weblogicserveradministration.blogspot.com/2010/10/load-balancing-in-weblogic-server.html
  Failover is something different, if in case any of the any managed server goes down then your user you get the application session from another server but new one, means the the tasks not saved by the users on earlier session will lost. for that yo need to use cluster and then need to enable the session replication. another best option is you can use the coherence web if you are using latest versions of weblogic supporting coherence web. with that you not need to worry on user sessions and you can start any of the managed server anytime without worrying about the user sessions.
  http://weblogicserveradministration.blogspot.com/2010/10/manage-http-session-states-session.html
  http://weblogicserveradministration.blogspot.com/2011/05/oracle-coherence-37-coherenceweb.html
  http://weblogicserveradministration.blogspot.com/2010/11/clustering-part-i.html
  another way is, you can use side by side deployment feature in case you don't want shutdown your application completely, with this, old connections and new requests will goes to old application and once new application activated all new requests will come to new application and once all requests on old application will complete that application will retire automatically.
  Regards
  Mukesh Negi
  http://weblogicserveradministration.blogspot.com

• R3 systen connection error and Single sign on probelm in QA BW system

  Dear all
  Last two week back we have migrated the QA BW system to HA environment by using the system copy method (backup/restore method), after that we are facing two issues.
  1.     In RSA1 go to Source system select the R3 system, then right click and then select the check after that we are getting below error message.
  BI unknown in source system
  BI IDoc type ZSQB007 is not the same as source system IDoc type
  The following errors occurred in the source system
  Incorrect IDoc type ZSPA014 in the ALE definition of the source system
  2.     We have connected our QA portal to BW system by using the single sign on for that we have to reload the single sign on certified both place ( Bw and EP side ) ?
  Kindly guide us
  Regards
  Sriram

  Hi bhuban
  Thanks for you reply
  In My case we have do the system copy from Qa standalone to High available Cluster environment (both Hardware are different), in that I am not go to change the logical system and all RF C's. It will remain same because of in our Z development they are hot code the system Name. From source system I can able to log in the BW system in other way its give error message.
  Kindly support us
  Regards
  Sriram

• Singleton class in WebLogic Cluster

  Hi,
  We have an application set-up in a weblogic cluster.
  We have a singleton class in the application.
  Since we have two managed servers in the cluster the singleton has two instances, one in each server.
  So the basic purpose of use of singleton is lost.
  Could anyone please give some alternative implementation.
  Regards
  Gunajit K

  One alternative is to set up some type of centralized store for the information you are trying to share between VMs. I would look at what you are trying to do with the singleton and make some descisions.
  Specifically, I would at least look at how much access you will need to the data, how much network traffic it will take to send it to each node in your cluster, and what kind of transactional integrity you require.
  A JMS publish/subscribe topic would be a good solution if you are caching some type of data that changes relatively infrequently. You could set this up yourself or check out SpiritSoft's Spirit Cache product (no, I don't work for SpiritSoft).
  Or you could simply store the information in some type of database and access it via EJBs or JDBC or whatever you like.
  Clearly, the performance of such a store will not be as quick as the in-memory access a Singleton provides inside a single JVM. So be careful about what solution you choose and be sure to optimize its performance as best you can.

• Customize Single sign on

  I tried the metalink note for customizing single sign on and
  when i run the custom login it doest redirect to the users home
  page, its simply dies.
  Can some explain the parameters in the package
  portal30_sso.wwsso_app_admin.
  ls_login
  site2pstoretoken in varchar2
  ,ssousername in varchar2 default null
  ,password in varchar2 default null
  ,subscribername in varchar2 default null
  ,p_request in varchar2 default null
  ,p_test_cookies in varchar2 default null
  ,p_suppress_warning in boolean default false
  and how to use the site2pstoretoken and other parameters.
  Thank in advance
  Mir

  In your mod_wl_ohs.conf add the following two lines:
  Debug ON
  WLLogFile /tmp/mod_wl_ohs.log
  Bounce your OHS/Aapche instance and try to access the site again. You can then review the log to see if it's telling you anything that could shed some light on the issue. You can post up the log here if you want and I can give you my two cents worth of advice. I'm very familiar with with the OHS/OAM setup and config, but I haven't used the SSO server before, so I might be a bit out of my territory.
  Here's a sample of what my mod_wl_ohs looks like if you want to see an example:
  #NOTE : This is a template to configure mod_weblogic.
  LoadModule weblogic_module "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"
  # This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
  #<IfModule weblogic_module>
  # WebLogicHost <WEBLOGIC_HOST>
  # WebLogicPort <WEBLOGIC_PORT>
  # Debug ON
  # WLLogFile /tmp/weblogic.log
  # MatchExpression *.jsp
  #</IfModule>
  # <Location /weblogic>
  # SetHandler weblogic-handler
  # PathTrim /weblogic
  # ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
  # </Location>
  <IfModule weblogic_module>
  Debug ON
  WLLogFile /tmp/mod_wl_ohs.log
  <Location /app1>
  WebLogicHost companyserver.companydomain.com
  WebLogicPort 7004
  SetHandler weblogic-handler
  </Location>
       <Location /app2>
  WebLogicHost companyserver.companydomain.com
  WebLogicPort 7004
  SetHandler weblogic-handler
  </Location>     
  </IfModule>