Webgate status page webgate.cgi

To monitor a webgate status, OAM webgates have a status page: webgate.cgi.  It does not reveal much information, but the page shows (at least) two important things:

  • Whether the webgate is working (getting a response means it works)
  • The attached OAM instance (so you don’t have to check the local ObAccessClient.xml file)

Looking at the layout of this page, it used to show more info, but appearantly it is not working anymore.

To enable the status page, some changes to the webgate and resources must be made.

  1. Add a user-defined parameter to the SSO webgate in OAM
  2. Unprotect the resource /ohs/modules/** (exclude) or modify webgate.conf and add
  3. For security reasons, you might add a pre-authorization rule allowing access from a limited range of ip addresses.

The webgate.cgi page is located at different url’s for different Application Servers:

  • OHS = http(s)://hostname:port/ohs/modules/webgate.cgi?progid=1
  • Apache = http(s)://hostname:port/apache/modules/webgate.cgi?progid=1
  • IIS = http(s)://hostname:port/webgate/webgate.dll?progid=1

The underlying wallet operation failed

Using a webgate with an OAM agent may result in the error: “The underlying wallet operation failed.” raw_code^223.

This is caused by the file cwallet.sso, which is not compatible with It needs to be converted at the OAM server with the command:

/oracle_common/bin/orapki wallet convert -wallet ./cwallet.sso -auto_login_only

Copy the converted cwallet.sso to the webgate and restart.