Symantec Access Management

Hi guys,

I' m trying to integrate an Oracle HTTP Server 12.2.1 (with Apache 2.4) with a Siteminder Web Agent 12.52 SP1.

After web agent installation and configuration, I added Siteminder env variables into ohs.plugins.nodemanager.properties file (OHS last version doesn't have opmn.xml file, it is replaced by ohs.plugins.nodemanager.properties file).

When I try to start OHS with "startComponent.sh OHS1" with a non root user, apache fails:

<2016-02-02 17:01:13> <INFO> <OHS-4018> <Starting server OHS1>

<2016-02-02 17:01:13> <INFO> <OHS-0> <Running /app/oracle/product/12.2.1/wlserver/../ohs/bin/launch httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1 -k start -f /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/httpd.conf>

<2016-02-02 17:01:13> <INFO> <OHS-0> <httpd: Syntax error on line 71 of /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/httpd.conf: Cannot load /app/CA/webagent/bin/libmod_sm24.so into server: libsmeventlogger.so: cannot open shared object file: No such file or directory>

<2016-02-02 17:01:13> <INFO> <OHS-0> </app/oracle/product/12.2.1/wlserver/../ohs/bin/launch httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1 -k start -f /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/httpd.conf: exit status = 1>

<2016-02-02 17:01:13> <INFO> <OHS-4005> <Check the instance log file for more information: /app/oracle/config/domains/base_domain/servers/OHS1/logs/OHS1.log>

<2016-02-02 17:01:13> <SEVERE> <OHS-0> <Failed to start the server OHS1>

OHS start the first httpd process with root user and childs process with a non root user. The root user and non root user have the env variables configured correctly (NETE_WA_PATH, NETE_WA_ROOT.....).

Any suggestions?

Hi Pax,

As always, I would check the compatibility support matrix for the exact combination of components you are looking to work with. Assuming the above is a supported combination:

I would first checked the linked libraries to verify proper loading with the ldd command (assuming Linux, Unix OS)

ldd libmod_sm24.so

What does your environment variable LD_LIBRARY_PATH have set for the user running apache service?

For my /etc/sysconfig/httpd script I set this at the bottom of that script

PATH=/opt/CA/webagent:bin{$PATH}

. /opt/CA/webagent/ca_wa_env.sh

Also verify the user starting the web server has permissions for everything located in

/apps/netegrity/webagent/

I usually

chown -R apache /opt/CA/webagent/

or in your case

chown -R webserverUser /apps/netegrity/webagent/

I would also check that the user stated in the httpd.conf file has permissions on this directory as well

/app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/

It seems to be that is where your httpd.conf and WebAgent.conf file reside.

Hope this helps,

Adam

Hi Adam,

thanks for your reply.

We have Oracle HTTP Server 12c (12.2.1) 64bit (Apache 2.4 like engine) and it seems supported.

When I start OHS with "oracle" user without sm_module in httpd.conf:

root     14929     1  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS

root     14930 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/odl_rotatelogs -l /app/oracle/config/domains/base_domain/servers/OHS1/logs/OHS1-%Y%m%d%H%M%S.lo

root     14931 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/odl_rotatelogs /app/oracle/config/domains/base_domain/servers/OHS1/logs/access_log 43200

root     14932 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/odl_rotatelogs /app/oracle/config/domains/base_domain/servers/OHS1/logs/admin_log 43200

root     14933 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/odl_rotatelogs -l -h:/app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/ins

oracle   14934 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS

oracle   14935 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS

oracle   14937 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS

oracle   14939 14929  0 22:43 ?        00:00:00 /app/oracle/product/12.2.1/wlserver/../ohs/bin/httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS

The parent process start with "root" user to bind the service on privileged port (4 Running Oracle HTTP Server  ).

Library libmod_sm24.so is proper loaded for root and oracle user, both users have sm env variables:

export NETE_WA_ROOT=/app/CA/webagent

export NETE_WA_PATH=${NETE_WA_ROOT}/bin

export CAPKIHOME=/app/CA/webagent/CAPKI

export LD_LIBRARY_PATH=${NETE_WA_ROOT}/bin:${NETE_WA_ROOT}/bin/thirdparty:${LD_LIBRARY_PATH}

export PATH=${NETE_WA_PATH}:${PATH}

The same env variables are configured into ohs.plugins.nodemanager.properties file ( F Property Files ) and are loaded when OHS start:

[oracle@xxxxxxxx OHS1]$ more /app/oracle/config/domains/base_domain/servers/OHS1/logs/lastinvocation.log

PATH=/app/CA/webagent/bin:/app/oracle/product/12.2.1/wlserver/../ohs/bin:/app/oracle/product/12.2.1/wlserver/../bin:/bin:/usr/bin:/usr/local/bin; export PATH

NETE_WA_ROOT=/app/CA/webagent; export NETE_WA_ROOT

ORA_NLS33=/app/oracle/product/12.2.1/wlserver/../nls/data; export ORA_NLS33

TNS_ADMIN=/app/oracle/product/12.2.1/wlserver/../network/admin; export TNS_ADMIN

LD_LIBRARY_PATH=/app/oracle/product/12.2.1/wlserver/../ohs/lib:/app/oracle/product/12.2.1/wlserver/../lib:/app/oracle/product/12.2.1/wlserver/../oracle_common/lib:/app/CA/webagent/bin:/app/C

A/webagent/bin/thirdparty; export LD_LIBRARY_PATH

PRODUCT_HOME=/app/oracle/product/12.2.1/wlserver/../ohs; export PRODUCT_HOME

SHELL=/bin/bash; export SHELL

COMPONENT_TYPE=OHS; export COMPONENT_TYPE

OHS_ALLOW_COREFILES=no; export OHS_ALLOW_COREFILES

LIBPATH=/app/oracle/product/12.2.1/wlserver/../ohs/lib:/app/oracle/product/12.2.1/wlserver/../lib:/app/oracle/product/12.2.1/wlserver/../oracle_common/lib; export LIBPATH

COMMON_COMPONENTS_HOME=/app/oracle/product/12.2.1/wlserver/../oracle_common; export COMMON_COMPONENTS_HOME

NETE_WA_PATH=/app/CA/webagent/bin; export NETE_WA_PATH

COMPONENT_CONFIG_PATH=/app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1; export COMPONENT_CONFIG_PATH

LANG=en_US.UTF-8; export LANG

OHS_UMASK=0027; export OHS_UMASK

ORACLE_HOME=/app/oracle/product/12.2.1/wlserver/..; export ORACLE_HOME

COMPONENT_NODEMANAGER_STATE_FILE=/app/oracle/config/domains/base_domain/servers/OHS1/logs/ohs.state; export COMPONENT_NODEMANAGER_STATE_FILE

PERL5LIB=/app/oracle/product/12.2.1/wlserver/../perl/lib/5.10.0:/app/oracle/product/12.2.1/wlserver/../perl/lib/site_perl/5.10.0:/app/oracle/product/12.2.1/wlserver/../ohs/mod_perl/lib; expo

rt PERL5LIB

COMPONENT_NAME=OHS1; export COMPONENT_NAME

COMPONENT_LOG_PATH=/app/oracle/config/domains/base_domain/servers/OHS1/logs; export COMPONENT_LOG_PATH

ORACLE_INSTANCE=/app/oracle/config/domains/base_domain; export ORACLE_INSTANCE

NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P1; export NLS_LANG

X_LD_LIBRARY_PATH_64=/app/oracle/product/12.2.1/wlserver/../ohs/lib:/app/oracle/product/12.2.1/wlserver/../lib:/app/oracle/product/12.2.1/wlserver/../oracle_common/lib:/app/CA/webagent/bin:/

app/CA/webagent/bin/thirdparty; export X_LD_LIBRARY_PATH_64

/app/oracle/product/12.2.1/wlserver/../ohs/bin/launch httpd -DOHS_MPM_EVENT -d /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1 -k start -f /app/oracle/c

onfig/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/httpd.conf

Httpd script is a binary file and I can't edit it, Web Agent home directory and  /app/oracle/config/domains/base_domain/config/fmwconfig/components/OHS/instances/OHS1/ (path where are stored webagent.conf and httpd.conf) are full accessible by oracle user.

Any ideas Adam?

Thanks in advance.

Hi,

I'm not quite understand the issue.

Do you mean start up OHS with root user is success but start up OHS with non root user (ie: oracle) is failed?

Some points to check:

1. Output of

ldd /app/CA/webagent/bin/libmod_sm24.so

2. Any hardening on the OS? Do you have SELinux enable? Try disable SELinux if this is enabled.

Regards,

Kar Meng

CA Siteminder r12.52 SP1 Supported Configuration Matrix

https://support.ca.com/phpdocs/7/5262/5262_SiteMinder_12_52_SP1_Platform_Support.pdf

Oracle HTTP Server 64-bit: 12c (Apache 2.2.22)

I'm verifying this information is correct:

Oracle HTTP Server 12.2.1 (with Apache 2.4)

Hi Steve,

It seems there is a typo in our PSM.

From Oracle doco,

Oracle HTTP Server 12.2.1 (with Apache 2.4)

New and Changed Features Available with Apache httpd 2.4

In this release, the Oracle HTTP Server core runtime is based on the release of Apache httpd 2.4

What's New in Oracle HTTP Server 12c (12.2.1)

and this seems to be supported configurations.

PS: I have brought this to the notice of the Product Manager and requested them to fix the PSM.

Cheers,

Ujwol

Hi there,

So did you configure the OHS manually or was it auto configured with our web agent installer ?

I have recently gone through the manual configuration steps for OHS 11g and that was for windows, I just posted that as tech tip  see if it helps

Tech Tip - CA Single Sign-On:Web Agent: How to configure SiteMinder Webagent for OHS manually ?

Between, can you please clarify your what is the OS ?

Cheers,

Ujwol