Wednesday Feb 08, 2012

Change WebLogic Server Mode from Development to Production and JDK Mode from Client to Server

What does it take to change WebLogic 10.3.x server mode from development to production? It may be a bit trickier than what you found via Googling...

Please see my blog at BlogSpot: Change WebLogic Server Mode from Development to Production and JDK Mode from Client to Server to see what could be missing ...[Read More]

Tuesday Oct 11, 2011

Offloading SSL from WLS to the F5

Having trouble with your WebLogic Admin console?  Getting strange HTTPS or SSL messages from your browser when trying to save updates to the EM or Admin console?  So was I.  My browser presented me with the following warning, "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.  Are you sure you want to continue sending this information?" And, the WebLogic Server console did not save my changes. But, I was able to correct my configuration to resolve the issue.  So, I thought I would share my notes on the pieces involved.

In my case, there are three pieces involved:  F5, OHS (Oracle HTTP Server), and WLS (WebLogic Server 10.3.4).  SSL (or HTTPS) is terminated at the F5 (BIG-IP LTM) and HTTP traffic from the F5 to OHS is in plain-text.  OHS was necessary to support a third-party Single-Sign On (SSO) solution.

Starting with the F5, I needed to configure a header to be passed with the requests called WL-Proxy-SSL and set the value to true (WL-Proxy-SSL: true).  I found this well-documented in in the section "Creating an HTTP profile".  The F5 will set this header when it receives an HTTPS request bound for WebLogic Server. This lets WebLogic Server know that the original request was initiated over SSL.  This header should not be sent if the inbound traffic to the F5 was not SSL (HTTPS).

The second piece of the puzzle was the WebLogic plugin for OHS. The plug-in parameter documentation can be found here.  WLProxySSLPassThrough should be set to ON, so that the OHS proxy/plug-in will pass the WL-Proxy-SSL header on to WebLogic Server. The parameter applies to each Location element and should look something like:

<Location /console>
    SetHandler weblogic-handler
    WebLogicHost MyHostName
    WeblogicPort 7001
    WLProxySSLPassThrough ON

The next two changes are checkbox changes in the WebLogic Server console.  The first checkbox can be found on the WebLogic console under Preferences->Shared Preferences (banner at the top of the initial console splash page).  The field is called "Follow Configuration Changes" and is enabled by default.  This setting should be disabled so that the console does not trigger a reload of configuration pages when an activation of changes occurs.  Deselect the "Follow Configuration Changes" checkbox.

The final change was to configure the Adminserver so that it would acknowledge the proxy plugin headers.  This field is titled "WebLogic Plug-In Enabled" and can be found on the page Configuration->General in the Advanced section. This checkbox defaults to false, but should be changed to true when using the proxy plug-in.  Care should be taken when enabling this flag as it can open a potential security risk.  If this flag is enabled, the server should be secured so that client traffic can only come through your known proxy and not a rogue client masquerading as a proxy.  Additional details can be found in Chapter 11: Using WebLogic Security of Professional Oracle WebLogic Server.


This is the blog for the Oracle FMW Architects team fondly known as the A-Team. The A-Team is the central, technical, outbound team as part of the FMW Development organization working with Oracle's largest and most important customers. We support Oracle Sales, Consulting and Support when deep technical and architectural help is needed from Oracle Development.
Primarily this blog is tailored for SOA issues (BPEL, OSB, BPM, Adapters, CEP, B2B, JCAP)that are encountered by our team. Expect real solutions to customer problems, encountered during customer engagements.
We will highlight best practices, workarounds, architectural discussions, and discuss topics that are relevant in the SOA technical space today.


« February 2017