|
| Network Fitting OTM / G-Log into your network - including browsers, firewalls, reverse-proxies and SSO. |
 | | 
February 21st, 2008, 12:56
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Trouble with OTM behind Websphere Edge as reverse-proxy?
Has anyone set-up OTM with websphere as the reverse proxy? We tried using the steps described in the section "Enabling Reverse-Proxy Support" of the Administration Guide but it does not seem to work.
Anyone have any ideas or suggestions? Please help
Thanks
Dereference |
February 21st, 2008, 22:29
|  | Site Moderator | | Join Date: Jun 2006 Location: West Chester, PA
Posts: 816
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Yes - OTM works with several reverse-proxy (RP) servers, though it was designed to work behind Apache-based RP servers. I've configured it in the past to work with Netegrity, Aventail, Apache and Microsoft ISA. Unfortunately, I haven't seen it work with WebSphere Edge
You are correct to configure the glog.webserver.URL to point towards your reverse-proxy: Code: glog.webserver.URL=https://reverse-proxy.nexweb.org:443 The problem you're experiencing is that OTM uses very complex javascript and the WebSphere Edge Server is trying to manipulate it in order to make it work. I've seen the same issue with Aventail and it just doesn't work. You'll need to do the following: - Disable all html, jsp, javascript and URL parsing in the reverse-proxy server.
- Utilize a URL prefix (such as /otmprod) and allow the reverse-proxy server. This ensures that OTM will automatically prepend the URL prefix to all outbound URLs, including javascript.
- Ensure that the reverse-proxy server strips the URL prefix off before passing requests back to OTM.
So your data transmission looks like this: - Request from browser to RPL:
- http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.servlet.umt.Login
- Request from RP to OTM web:
- http://otmserver.mavenwire.com/GC3/glog.webserver.servlet.umt.Login
- Response from OTM web to RP:
- http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
- Response from RP web to browser:
- http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
- Request from browser to RPL:
- http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
- Request from RP to OTM web:
- http://otmserver.mavenwire.com/GC3/glog.webserver.util.FrameGC3Servlet
- ... and so on.
This requires the proper configuration of your RP server and setting the following property in OTM: Code: glog.webserver.urlprefix=/otmprod If that doesn't work, then the only option is to utilize one of the known-good reverse-proxy servers noted above.
Thanks,
--Chris |
February 22nd, 2008, 02:43
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Thanks Chris. We will try the steps you suggested and will keep you posted on the results. Thanks again. Much Help
Dereference |
February 22nd, 2008, 14:00
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Hi Chris,
We are working on the ibmproxy config file right now. Meantime, I have another question. Would you know or have you had situations where OTM was setup behind Squid as reverse-proxy?
We're just making plans for other options and Apache is definitely one option but we do have a linux box right now with squid.
Please advise
Thanks again Chris,
Joby |
March 5th, 2008, 15:31
| | Site Moderator | | Join Date: Jun 2006 Location: West Chester, PA
Posts: 816
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Joby,
Yes - I've seen Squid used also. This usually requires a one-to-one IP/hostname address mapping (external IP/hostname translates directly to the internal app IP/hostname). In this case, you may not need to use the URL Prefix option.
Otherwise, Apache works very well and it (including commercial derivatives) is the most widely used RP with OTM.
--Chris | | The Following User Says Thank You to chrisplough For This Useful Post: | |
March 5th, 2008, 15:37
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Quote:
Originally Posted by chrisplough  Joby,
Yes - I've seen Squid used also. This usually requires a one-to-one IP/hostname address mapping (external IP/hostname translates directly to the internal app IP/hostname). In this case, you may not need to use the URL Prefix option.
Otherwise, Apache works very well and it (including commercial derivatives) is the most widely used RP with OTM.
--Chris |
Chris,
Thanks much. Still no progress with Webspere. We may have to go with Apache as RP. Any example config files you can point us to for a successful implementation of Apache as RP?
Again thanks so much for the infor.
Dereference |
March 5th, 2008, 15:50
| | Site Moderator | | Join Date: Jun 2006 Location: West Chester, PA
Posts: 816
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path: Code: ProxyPass /otm/ http://otm55prod.company.com
ProxyPassReverse / http://otm55prod.company.com
ProxyPassReverseCookiePath / /otm55prod/ This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.
BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.
--Chris |
March 5th, 2008, 15:55
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Quote:
Originally Posted by chrisplough Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path: Code: ProxyPass /otm/ http://otm55prod.company.com
ProxyPassReverse / http://otm55prod.company.com
ProxyPassReverseCookiePath / /otm55prod/ This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.
BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.
--Chris |
Chris,
Thanks. That's much help. We'll take it from there and let you know how it goes.
Thanks again
Joby |
March 6th, 2008, 14:32
| | Junior Member | | Join Date: Feb 2008
Posts: 8
Thanks: 1
Thanked 1 Time in 1 Post
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Quote:
Originally Posted by dereference Chris,
Thanks. That's much help. We'll take it from there and let you know how it goes.
Thanks again
Joby | Quote:
Originally Posted by chrisplough Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path: Code: ProxyPass /otm/ http://otm55prod.company.com
ProxyPassReverse / http://otm55prod.company.com
ProxyPassReverseCookiePath / /otm55prod/ This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.
BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.
--Chris |
Chris, We fixed the problem.
Thanks so much! Your notes helped tremendously. More power to you.l
Sincerely
Dereference  |
March 6th, 2008, 14:39
| | Site Moderator | | Join Date: Jun 2006 Location: West Chester, PA
Posts: 816
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10 | | | Re: Trouble with OTM behind Websphere Edge as reverse-proxy?
Hello,
I'm glad to hear that you've gotten it working. Which route did you finally go down? Apache, Squid, WebSphere?
Please post the details to your final solution. This will help others who encounter a similar issue and keep our community growing.
Thanks,
Chris | | |
| Thread Tools | | | | Display Modes |  Linear Mode |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off | | |
|
