Enabling SSL Termination for OAM and OAAM



Some components of the identity stack need to verify the user connected via SSL.

If you are proxying connections through OHS to your OAM servers, you can set up OHS to terminate SSL and pass the connection through to OAM (usually running on port 14100). But a small trick is needed to tell WebLogic that the connection is secure, even though it may be coming in over a non-secure port (14100).

Chris Johnson has a comprehensive write-up on SSL offloading which covers the more complex scenario where an external load balancer is doing the termination.

The recipe I describe here is for the simpler case where OHS is terminating SSL and forwarding the connections to OAM via the mod_weblogic plugin.

First validate that your WebLogic domain has the WebLogic Plugin enabled (see Chris's article above). I found that it was enabled by default. YMMV.

Log in to /oamconsole and navigate to

System Configuration -> Access Manager -> Access Manager Settings


Edit your load balancer settings to enable SSL. Here is an example:




Note that the server host and port are your OHS instance (not the OAM server / port number).

Restart the oam_server1 managed server for this change to take effect.

Now edit the mod_wl_ohs.conf in your OHS instance and set "WLProxySSL" to ON for OAM and OAAM:

<Location /oaam_server>
 SetHandler weblogic-handler 
 WebLogicPort 14100 
 WLProxySSL ON 
</Location>
<Location /oam>
 SetHandler weblogic-handler
 WebLogicPort 14100 
 WLProxySSL ON 
</Location>


Restart your OHS instance.

Try to go to a protected resource. You should be redirected to the OAM login page over an SSL connection.
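
Before restarting OHS, the mod_wl_ohs.conf edit above can be checked mechanically. The following is an added example, not part of the original post or of any Oracle tooling: it parses the <Location> blocks and reports whether /oam and /oaam_server each carry WLProxySSL ON. The function names and the sample configuration text are constructed for illustration.

```python
import re

# Constructed sample: /oam is set correctly, /oaam_server still lacks WLProxySSL.
SAMPLE_CONF = """\
<Location /oaam_server>
 SetHandler weblogic-handler
 WebLogicPort 14100
</Location>
<Location /oam>
 SetHandler weblogic-handler
 WebLogicPort 14100
 WLProxySSL ON
</Location>
"""

OPEN = re.compile(r"^<Location\s+(\S+?)\s*>$", re.IGNORECASE)
CLOSE = re.compile(r"^</Location\s*>$", re.IGNORECASE)

def parse_locations(conf_text):
    """Return {path: {directive_lowercased: value}} for each <Location> block."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            current = blocks.setdefault(opened.group(1).strip('"'), {})
        elif CLOSE.match(line):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return blocks

def check_proxy_ssl(conf_text, required=("/oam", "/oaam_server")):
    """Map each required path to 'ok', 'no Location block' or 'WLProxySSL not ON'."""
    blocks = parse_locations(conf_text)
    report = {}
    for path in required:
        if path not in blocks:
            report[path] = "no Location block"
        else:
            on = blocks[path].get("wlproxyssl", "").upper() == "ON"
            report[path] = "ok" if on else "WLProxySSL not ON"
    return report

if __name__ == "__main__":
    print(check_proxy_ssl(SAMPLE_CONF))
```

Any path not reported as "ok" will still have WebLogic treating the forwarded connection as non-SSL.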






Let’s revive this blog ;)

I know, I know… It’s been a while… Believe me I feel the guilt… I should really share more with the community, so here I am begging for your mercy, and also for your help.
Recently I often find myself a bit clueless, as I don’t know what to write about any more, there are just too many subjects about OpenAM. :)
So I think the best way to resolve this issue is probably to ask the readers themselves: what would you like to read about? Are there any areas where the documentation could be enhanced? Tell me. I’ve created a very simple Google Form here:
https://docs.google.com/spreadsheet/viewform?formkey=dGVXeDZ2SlQxbmtIS1dpT3ZZb1F5QlE6MQ.

By filling this out you can help me to figure out:
* what subjects are people most interested in
* how many active readers I might have :)

Guaranteed to take less than 5 minutes!

Thanks in advance.