KPI Partners Blog

OBIEE 11G – Important Security Considerations (SSL) With LoadBalancer

Posted by KPI Partners News Team on Mon, Dec 03, 2012 @ 11:27 PM

by Shiva Molabanti

In OBIEE enterprise topology, make sure the external load balancer used can terminate SSL requests at the load balancer and forward traffic to the back-end real servers using the equivalent non-SSL protocol (for example, HTTPS to HTTP).

For security purposes, and because the load balancer terminates SSL requests (Oracle HTTP Server routes the requests as non-SSL to WebLogic Server), after SSL is configured for the load balancer, turn on the WebLogic Plugin Enabled flag for the domain. To do this, follow these steps:

1. Log in to the Administration Console.
2. Click the domain name in the navigation tree on the left.
3. Click the Web Applications tab.
4. In the Change Center, click Lock & Edit.
5. Select WebLogic Plugin Enabled.
6. Click Save, then click Activate Changes.
7. Restart the Administration Server and Managed Server.

Tip: WebLogic Plugin Enabled: Specifies whether or not the proprietary WL-Proxy-Client-IP header should be honored. (This is needed only when WebLogic plugins are configured.)

In additon to above, make sure Oracle HTTP Server (OHS) to add the following SSL directives in each <location> section to the ORACLE_BASE/admin/instance_name/config/OHS/component_name/mod_wl_ohs.conf file:

WLProxySSL ON

WLProxySSLPassThrough ON

Tips: Set WLProxySSL parameter to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist:

An HTTP client request specifies the HTTPS protocol
The request is passed through one or more proxy servers (including the WebLogic Server proxy plug-ins)
The connection between the plug-in and WebLogic Server uses the HTTP protocol
When WLProxySSL is set to ON, the location header returned to the client from WebLogic Server specifies the HTTPS protocol.

Reference: https://blogs.oracle.com/pa/entry/obiee_11_1_1_important1

 

molabantishiva 128

Shiva Molabanti is a Manager and Senior Architect at KPI Partners.  He is a business intelligence enthusiast who likes blogging about acquisitions in the BI space, technical workings of BI tools, and Oracle Business Intelligence.  Visit Shiva at his personal blog: http://shivabizint.wordpress.com/

Tags: OBIEE, Shiva Molabanti, Oracle BI



Subscribe to the KPI Blog