The way that OAM works is that there is an agent (webgate) on the Apache that is hosting the target resource, and when the webgate sees a request incoming for the protected resource, the webgate will cause a 302/redirect response to occur, and I think that that is the start of the problem.
[In the Apache logs, I can the request for the resource, and a 302 redirecting to one of the OAM endpoints, so I am pretty sure that that first OAM redirect is occurring.]
I have been trying various things to try to "see" what is going on, including the web developer tools, etc., and live headers plugin for the browser (both Chrome and Firefox), but with those, I only see the initial request and the last request for the resource, and that last one is failing.
So, I am now trying to use Fiddler.
So I was wondering: Shouldn't Fiddler be able to capture those requests (and responses) that appear to be missing? Is there something else that I need to configure in order for Fiddler to be able to "see" those requests?
In the above, the:
is a kind of "composite" URL:
the "http://192.168.xxx.yy:8080" is the URL of the CORS Anywhere CORS proxy server (actually on the same machine as the Apache that is serving the HTML page).
is the URL of the protected target resource.
So I think/GUESS that:
- CORS Anywhere takes the request and forwards it to the http://charlieeastweb....com:7777/target-charlie/index.html (the resource, protected by OAM, then
- When the OAM webgate gets that request, it sends the first 302 response back.
The 2nd (and only) other request/response I see in Fiddler is a request to the http://charlieeastweb....com:7777/target-charlie/index.html. The response to this 2nd request is a 200/OK. This request includes an "Origin:" HTTP request header, and the response includes an "access-control-allow-origin" HTTP response header, which I believe is being added by the CORS Anywhere CORS Proxy.
However, the contents of the page that is in that response is an error page that we see when the OAM processing has failed, so something is going wrong within the OAM part of the protocol, but I am not able to see anything :(!!
I am really new to using Fiddler, and to get it to start logging, I followed steps to set up Chrome with a proxy at localhost:8888.
If so, what additional configuration do I need?