Weblogic setting wrong protocol in WSDL (Load Balancer terminating SSL)

In most of the architectures, the SSL is terminated at the hardware load balancer for performance reasons and allows the internal traffic to use HTTP for communication.

Client ---[HTTPS] --> Hardware LB (SSL termination) --- [HTTP] --> WLS (WebService)

The client will typically fetch the WSDL for the webservice hosted on WLS and use the endpoint available in the WSDL for invoking the webservice. So the calls for fetching the WSDL would happen as under:

Client (https://lbhost:lbhttpsport/URI?wsdl)  --- > Hardware LB (http://wlshost:wlshttpport?wsdl) --- WLS (set the endpoint in wsdl as frontendhost:frontendhttpport if provided or will return http://lbhost:lbhttpsport/URI)

Please note that the endpoint in the WSDL has the http protcol whereas the client is only used to call the LB on https protocol. The reason why WLS sets the protocol as http is because the request was recieved on http and there is no way for WLS to identify if the actual request was made on https.

To solve the issue, you need to set an extra header variable "WL-Proxy-SSL: true" at the load balancer so that WLS identifies the request is called on https. Also, you need to set the flag Weblogic-Proxy-Plugin Enabled at the WLS managed server.

WSDL Caching in SOA Server

Yes all the partner WSDLs are cached in the SOA Server and by default they are cached for 24 hours. In order to change the cache time do the following,

Farm_soa_domain > Weblogic Domain > soa_domain* > Right Mouseclick > System MBean Browser > Application Defined MBeans > oracle.as.soainfra.config > Server: soa_server > SoaInfraConfig > soa-infra > Attributes

There is an Attribute "UddiCacheLifetime" defining the external WSDL cache time. By default, the value is set to 24 hours and the minimum time of 300 seconds could be set.

OSB Cluster- WSDL Endpoint changes to Managed Server Host/Port on fetch

On fetching a WSDL from a OSB Cluster (ManagedServer1 ... ManagedServerN) with a load balancer sitting in front and if the endpoint URL gets set to a particular ManagedServer (Host/Port), then you cluster is not load balanced. If the client application caches the WSDL then you are in deep trouble and is not the right behaviour. In order to make it correct, do the following:

Put the LoadBalance (IP/Port) in Weblogic Admin Console at the following location:

Home -> osb_cluster ->Summary of Environment ->Summary of Clusters -> osb_cluster -> configuration -> HTTP sub-tab

Restart the managed servers and try fetching the WSDL and the endpoint service URL should be set to LoadBalancer (IP/Port) and not any of Managed Server (IP/Port). This should be done for every OSB Cluster with a load-balancer in front