Problem authentication simple weblogic backend


#1

Dear good, nice to greet you and thank you in advance for your answer, I will use the google translator, excuse me for the writing mistakes. I commented that I maintain a haproxy configuration based on operating system rhel 7.4 and HA-Proxy version 1.5.18.

In relation to the configuration, I have 4 balanced sites, the incident is presented when consuming a service which performs a https redirection and invokes a simple authentication that is done within a weblogic osb “esb.vtr.cl”, I attach the complete configuration of the proxy, in addition to the configuration by weblogic, I hope to receive news soon from you thanked.

When performing tests on http and https without authentication does not present any inconvenience, please support

Haproxy configuration

global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 10000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
stats socket /var/run/haproxy.sock mode 600 level admin

defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 10000
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:admin

frontend http-ddrservice
mode http
bind 172.17.113.4:80
reqadd X-Forwarded-Proto:\ http
default_backend vtrddrservicecluster-backend

frontend http-esb
mode http
bind 172.17.113.5:80
reqadd X-Forwarded-Proto:\ http
default_backend esb-vtresbcluster-backend
#acl host_esb hdr(host) -i esb.vtr.cl
#use_backend esb-vtresbcluster-backend if host_esb
#acl host_eps hdr(host) -i eps.vtr.cl
#use_backend eps-vtrepscluster-backend if host_eps
#acl host_ddrservice.vtr.cl hdr(host) -i ddrservice.vtr.cl
#use_backend vtrddrservicecluster-backend if host_ddrservice.vtr.cl
#acl host_visordeboleta.vtr.cl hdr(host) -i visordeboleta.vtr.cl
#use_backend vtrvisorboletacluster-backend if host_visordeboleta.vtr.cl

frontend http-eps
mode http
bind 172.17.113.6:80
reqadd X-Forwarded-Proto:\ http
default_backend eps-vtrepscluster-backend

frontend http-visorboleta
mode http
bind 172.17.113.7:80
reqadd X-Forwarded-Proto:\ http
default_backend vtrvisorboletacluster-backend

frontend https-esb
mode http
bind 172.17.113.5:443 ssl crt /etc/cert/esb.vtr.cl.pem
reqadd X-Forwarded-Proto:\ https
default_backend esb-vtresbcluster-backend
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Request-Start t=%Ts%ms
http-request set-header Host esb.vtr.cl

backend esb-vtresbcluster-backend
mode http
balance leastconn
cookie SERVERID insert indirect nocache
server vtresb01_tigris tigris.vtr.cl:7011 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server vtresb02_yukon yukon.vtr.cl:7011 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server vtresb03_eufrates eufrates.vtr.cl:7011 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server vtresb04_arkansas arkansas.vtr.cl:7011 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000

backend eps-vtrepscluster-backend
mode http
balance leastconn
cookie JSESSIONID prefix ## manejo de sesiones
#cookie SERVERID insert indirect nocache ## manejo de sesiones
#redirect scheme https if !{ ssl_fc }
hash-type consistent # afinidad dentro de HAProxy
server belaya.vtr.cl belaya.vtr.cl:8280 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server cimarron.vtr.cl cimarron.vtr.cl:8280 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000

backend vtrddrservicecluster-backend
mode http
balance leastconn
cookie JSESSIONID prefix
cookie SERVERID insert indirect nocache
#redirect scheme https if !{ ssl_fc }
hash-type consistent # afinidad dentro de HAProxy
server svmovilprod01_ural ural.vtr.cl:9081 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server svmovilprod02_angara angara.vtr.cl:9081 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000

backend vtrvisorboletacluster-backend
mode http
balance leastconn
cookie JSESSIONID prefix
cookie SERVERID insert indirect nocache
#redirect scheme https if !{ ssl_fc }
hash-type consistent # afinidad dentro de HAProxy
server vboleta01_murray murray.vtr.cl:8001 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
server vbpresprod02_aldan aldan.vtr.cl:8001 check inter 5000 fastinter 1000 fall 1 rise 1 weight 1 maxconn 10000
[root@muerto ~]#

Simple authentication osb weblogic service

Cliente autentication "basic"
Display Policy "Empty"
Ecuest Encoding “Empty”

Error presented
imagen


#2

attached log output

tail -f /var/log/haproxy.log
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.193] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/0/0/7 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.193] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/0/0/7 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.201] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 8/0/0/0/8 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.201] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 8/0/0/0/8 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.210] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/1/0/8 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.210] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/1/0/8 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.218] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/1/3/11 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.218] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 7/0/1/3/11 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.230] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 6/0/0/33/39 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”
Mar 5 11:12:59 halab1 haproxy[15917]: 172.17.239.159:38014 [05/Mar/2018:11:12:59.230] https-esb~ esb-vtresbcluster-backend/vtresb01_tigris 6/0/0/33/39 302 496 - - --VN 2/2/0/0/0 0/0 “GET /IVRRefreshDBoxPX?WSDL HTTP/1.1”