I have a web application (JBoss) at the following URL: https://ourURL/intranet/index.xhtml
If you are not authenticated, we redirect the user to the Access Management system (Oracle WebGate 11.1.1), which uses a PIV card to log in. After authentication, the user is redirected back to ourURL/intranet/index.xhtml and is happy.
Underneath, I use isapi_redirect.dll with AJP.
Lately, very randomly, when users are doing some POST actions (submitting a form, etc.), they get redirected to the Access Management system as if their session had timed out or they were not authenticated, and when they sign in again with their PIV card they are redirected to the following URL:
ourURL/intranet/isapi_redirect.dll
So it acts as if the user was trying to request /isapi_redirect.dll: the user is not authenticated, they authenticate, and then the user goes to /isapi_redirect.dll and gets a 404.
The logs do not tell much other than the following:
2017-09-29 22:39:42 165.112.255.29 POST /intranet/isapi_redirect.dll - 80 - 165.112.255.25 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36 404 0 0 46
Have you ever been redirected to /isapi_redirect.dll directly? Any direction or a similar situation with a solution would be helpful in troubleshooting this.
Thanks.
OK. I was able to reproduce the issue and found the quick solution for now.
Reproduce: I was uploading a document, searching for some data, submitting something, or otherwise doing some POST action. 60 minutes after the initial authentication I got redirected to the authentication page, had to re-authenticate, and was then directed back to a 404.
The Oracle WebGate has the following config file, ObAccessClient.xml, and it has the following:
<SimpleList>
<NameValPair
ParamName="tokenValidityPeriod"
Value="3600"></NameValPair>
</SimpleList>
So after 60 min, the token was invalidated and a new token needed to be issued. When it got redirected to the authentication page, it remembered where to go back to, and somehow that was /isapi_redirect.dll?
For a workaround, I am bumping the number up. Better config or changes are needed on the webgate side, but I was able to at least find what the issue was.
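A triage sketch for the symptom described above, added here as an example and not part of the original posts or of any Oracle or Tomcat connector tooling: it reads `tokenValidityPeriod` from a fragment shaped like the one quoted, then scans IIS W3C log lines for POST 404s on `isapi_redirect.dll` and reports whether each client had been active longer than the validity period. The field order (IIS defaults, matching the quoted log line), the sample log lines with documentation-range IPs, and the approximation of session age as "time since the client's first logged request" are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed field order: IIS W3C defaults, matching the log line quoted in the question.
FIELDS = ("date time s_ip method uri_stem uri_query s_port username "
          "c_ip user_agent status substatus win32_status time_taken").split()

# Constructed sample data (documentation-range IPs), not taken from a real server.
SAMPLE_XML = ('<SimpleList><NameValPair ParamName="tokenValidityPeriod" '
              'Value="3600"></NameValPair></SimpleList>')
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2017-09-29 21:35:10 192.0.2.10 GET /intranet/index.xhtml - 80 - 198.51.100.7 Mozilla/5.0 200 0 0 31
2017-09-29 22:20:00 192.0.2.10 POST /intranet/index.xhtml - 80 - 198.51.100.7 Mozilla/5.0 200 0 0 88
2017-09-29 22:39:42 192.0.2.10 POST /intranet/isapi_redirect.dll - 80 - 198.51.100.7 Mozilla/5.0 404 0 0 46
2017-09-29 22:40:05 192.0.2.10 POST /intranet/isapi_redirect.dll - 80 - 198.51.100.9 Mozilla/5.0 404 0 0 40
""".splitlines()

def token_validity_seconds(xml_text):
    """Return tokenValidityPeriod (seconds) from an ObAccessClient.xml-style fragment."""
    for pair in ET.fromstring(xml_text).iter("NameValPair"):
        if pair.get("ParamName") == "tokenValidityPeriod":
            return int(pair.get("Value"))
    raise KeyError("tokenValidityPeriod not found")

def parse_line(line):
    """Split one W3C log line into a dict; None for '#' directives or odd field counts."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def find_expiry_404s(log_lines, validity_seconds):
    """Return (client_ip, timestamp, age_seconds, past_validity) for each POST 404
    on isapi_redirect.dll. Age is measured from the client's first logged request."""
    first_seen, hits = {}, []
    for rec in filter(None, map(parse_line, log_lines)):
        first_seen.setdefault(rec["c_ip"], rec["ts"])
        if (rec["method"] == "POST" and rec["status"] == "404"
                and rec["uri_stem"].lower().endswith("/isapi_redirect.dll")):
            age = (rec["ts"] - first_seen[rec["c_ip"]]).total_seconds()
            hits.append((rec["c_ip"], rec["ts"], age, age >= validity_seconds))
    return hits

if __name__ == "__main__":
    for hit in find_expiry_404s(SAMPLE_LOG, token_validity_seconds(SAMPLE_XML)):
        print(hit)
```

Hits flagged as past the validity period are consistent with the token-expiry explanation; hits that are not need a different explanation, and clients behind a shared proxy will blur the per-IP age.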