23-10 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager – The external port is mapped to the internal port where OAAM Server is listening – The OAAM Server path is published To troubleshoot problems experienced while configuring the UIO Proxy, enable tracing to a file and set the trace level to 0x8008f. Doing so wil print detailed interceptor evaluation and execution information to the log file. UIO Apache Proxy Tips to troubleshoot problems with the UIO Apache Proxy are listed in this section. ■ On launching httpd, an error for loading mod_uio.so occurs. Ensure that mod_ uio.so and all the libraries are placed in the proper directories. On Linux, use the ldd command to confirm that mod_uio.so can load all the dynamic libraries that it depends upon. On Windows, use Dependency Walker to find out any missing DLLs and in some cases, you may have to install the Microsoft Visual C++ 2005 Redistributable Package from the Microsoft Web site, if your server does not have these libraries pre-installed. ■ If nothing is working- no logs and so on, ensure that the user of httpd has permissions to read the uio directory. Typically httpd is run as a daemon user. Ensure the daemon user has write permissions for the logs directory. ■ In case of a parsing error in UIO_Settings.xml or any configuration XML, an error log will be created in httpds logs directory with the name UIO_ Settings.xml.log. ■ For errors, look in uio.log. Use log level of error for production use; info for more details; debug for debugging issues and trace for verbose logs. ■ Ensure that the config XML and settings XML are conforming to the RNG schema. You can use the UIO_Settings.rng and UIO_Config.rng in any XML editor to edit the UIO_Settings.xml and application configuration XML files. ■ You can change the Apache httpd log level to debug for testing, or keep it at info to reduce log file size. The Apache httpd log is separate from UIO Apache Proxy log. ■ When migrating ISA configuration XML to be used with the UIO Apache Proxy, you need to do the following: 1. Change the header of the XML file to use ?xml version=1.0 encoding=utf-8? BharosaProxyConfig xmlns=http:bharosa.com 2. Run your config XML file through libxml2s xmllint utility. For Windows, download the latest libxml2-2.x.x.win32.zip file from http:www.zlatkovic.comlibxml.en.html and unzip it. For Linux, if you have libxml2 installed then xmllint command should be available, or check with your Linux System Administrator. Copy the UIO_Config.rng file from the UIO Apache Proxy distribution and run following command: xmllint --noout --relaxng UIO_Config.rng your config xml file And fix any errors that are reported. FAQTroubleshooting 23-11 ■ The UIO Apache Proxy is not working or intercepting request. Problem : The following error appears: Failed to create session in memcached, err = 70015Could not find specified socket in poll list. proxy - Failed to create session, cannot process this request distsessions - memcache server localhost create failed 111 Possible Solutions : ■ Make sure memcache is installed and configured. ■ Make sure memcache process is up and running before creating the session. Oracle Adaptive Access Manager Debug Mode In debug mode, the value of any variable--user name, password, and any other information--is not displayed. In capture mode, the HTTP traffic is shown. Therefore, capture mode is not recommended in production. In-SessionTransaction Analysis The UIO Proxy is a solution for login security only. It does not support in-session capabilities. Options are provided below based on possible requirements: ■ If you are using a packaged application you do not have access to alterintegrate with, the UIO Proxy or Oracle Access Manager are options for real-timein-line use cases like anti-malware, anti-phishing, risk-based authentication in the login flow. ■ If you have the ability to integrate with the application and require in-sessiontransactional use cases, then consider native integration. This is the most flexible option for this case. ■ If you want in-sessiontransactional use cases but do not have the ability to integrate with the application, a custom option could potentially be possible using either Oracle Adaptive Access Manager offline 10g or Oracle Adaptive Access Manager with a listener. No Changes in Proxy in 11g QuestionProblem : Are there changes between 10g and 11g for the UIO Proxy? AnswerSolution : There has been no changes in the proxy between 10g and 11g. There is no dependency on OHS etc. The user has to use Apache 2.2.8 only. Adding appid to HTTP Headers QuestionProblem : In TestConfig.xml, should we be adding appid to HTTP headers for both the PSFT URLs and the asa URLS? AnswerSolution : No, just to the asa URLs. It should be adding the app-id to only the asa URLs, not needed for PSFT urls. Contains Match QuestionProblem : Should a condition with contains match if there is an exact match? AnswerSolution : Yes. Request URL QuestionProblem : Can request URL be a partial URL? Such as just first part of URL?