Friday 30 June 2017

OHS URL Rewrite

First half of this year I did two SAML2 implementations on Weblogic. One of those was to implement Single Sign On against ADFS for Apex applications.

In short, we installed an adapted version of ORDS on a Weblogic server and configured SAML2 for Service Provider initiated SSO, as can be read here.

We added an Oracle HTTP Server as reversed proxy to the story. For the other customer I found out how to create a separate saml2 routing, since we wanted a SP specific URI, but Weblogic only listen to the /saml2 URI. I solved that using the PathTrim and PathPrepend options in OHS, as can be read here.

But one thing that left was a 'Nice' URI. When we now want to get to the application we need to have an url like https://host.customer.nl/ords/f?p=ApexId  But we wanted to use something like https://apexappname.customer.nl. I thought to be smart and just do a PathPrepend of ords/f?p=ApexId. But this is considered to be a folder, so OHS/Apache adds a trailing slash '/', resulting in an url like: https://host.customer.nl/ords/f?p=ApexId/  .This routes to Apex nicely, but Apex considers the slash as part of the ApexId,  so you'll get a message indicating that Apex cannot find the 'ApexId/' application.

I was lost until I finaly found this blog. What we want is that if the user enters into the root of the server, the URL is rewritten to the Apex application. Actually not completely, because we rather have the ords extension left out the equation.

The trick is in the following three lines:
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^(.*)$ https://host.customer.nl/ords/f?p=ApexId [R,L]

When you use SSL,  and need to add this to the ssl.conf, you should add it to the virtual host configuration, just
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^(.*)$ https://host.customer.nl/ords/f?p=ApexId [R,L]

  </IfModule>
</VirtualHost>


We could fine tune this to do something like the following:
    <Location /f>
        SetHandler weblogic-handler
        WLSRequest ON
        WebLogicCluster weblogic.host1.customer.local:7003, weblogic.host2.customer.local:7003
        PathPrepend /ords
        KeepAliveEnabled on
        KeepAliveSecs 10
    </Location>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^(.*)$ https://host.customer.nl/f?p=ApexId [R,L]
  </IfModule>
</VirtualHost>

Although I did not test this yet, that would at least remove the append of the /ords in the URI. It would only append the /f?p=150 part.Currently I don't know how to prevent that, since Apex does need these parameters. For Weblogic and OHS Apex is an application that works with parameters in the URI.


No comments :