Loading ...
Sorry, an error occurred while loading the content.

Cisco Content Switch and WebLogic

Expand Messages
  • Greg Coles
    Following is posted on behalf of one of our network engineers: We are having a problem with the WebLogic server using http redirects rather than https
    Message 1 of 1 , Mar 29, 2004
    • 0 Attachment
      Following is posted on behalf of one of our network engineers:

      We are having a problem with the WebLogic server using "http"
      redirects rather than "https" redirects in the following configuration:

      BROWSER<--HTTPS-->Cisco Content Switch<--HTTP-->WebLogic 5.1.0 SP12

      Specifically:

      1. The browser opens an SSL session which is terminated at a Cisco
      CSS11503 content switch (e.g. https://peoplesoft.foo.com).

      2. When the browser and content switch have the SSL session up, the
      content switch opens up a connection to WebLogic, using HTTP.

      3. Whenever the WebLogic replies with a 302 redirection, it sends back
      the new location URI with protocol "http" rather than "https".

      HTTP/1.1 302 Moved Temporarily
      Response Code: 302

      Location: http://peoplesoft.foo.com/index.html
      ^^^^
      ^^^^
      NEED HTTPS

      Server: WebLogic 5.1.0 Service Pack 12 04/14/2002 23:14:36
      #178459 - 128 bit domestic version

      4. The browser tries to open http://peoplesoft.foo.com/index.html,
      which we wind up having to trap at the content switch and redirect to
      the proper location - https://peoplesoft.foo.com/index.html.

      5. In addition to the inefficient round-about way of getting to the
      right place, some browser configurations display security messages as
      the browser moves from https content, briefly to http content, and
      then back to the correct https content at the end of the redirection
      odyssey.


      Ideally we would be looking for something to go into the WebLogic
      properties file to tell it that all 302 redirects should be via HTTPS
      protocol. We've found the "WLProxySSL" plug-in parameter, but it does
      not appear that our current configuration uses plugins.

      Regards,

      -Chris Timmons, Network Engineer
      Central Washington University
      Ellensburg, WA 98926-7436
      cwt@...
      509.963.2947
    Your message has been successfully submitted and would be delivered to recipients shortly.