Webgate status page webgate.cgi

To monitor the status of a webgate, OAM webgates provide a status page: webgate.cgi. It does not reveal much information, but the page shows (at least) two important things:

  • Whether the webgate is working (getting a response means it works)
  • The attached OAM instance (so you don’t have to check the local ObAccessClient.xml file)

Judging by the layout of this page, it used to show more info, but apparently that is not working anymore.

To enable the status page, some changes to the webgate and resources must be made.

  1. Add a user-defined parameter to the SSO webgate in OAM
    enableDiagnosticPage=true
  2. Unprotect the resource /ohs/modules/** (exclude) or modify webgate.conf and add
  3. For security reasons, you might add a pre-authorization rule allowing access only from a limited range of IP addresses.

The webgate.cgi page is located at different URLs for different application servers:

  • OHS = http(s)://hostname:port/ohs/modules/webgate.cgi?progid=1
  • Apache = http(s)://hostname:port/apache/modules/webgate.cgi?progid=1
  • IIS = http(s)://hostname:port/webgate/webgate.dll?progid=1

The underlying wallet operation failed

Using an 11.1.2.2 webgate with an OAM 11.1.2.3 agent may result in the error: “The underlying wallet operation failed.” raw_code^223.

This is caused by the 11.1.2.3 cwallet.sso file, which is not compatible with 11.1.2.2. It needs to be converted on the 11.1.2.3 OAM server with the command:

/oracle_common/bin/orapki wallet convert -wallet ./cwallet.sso -auto_login_only

Copy the converted cwallet.sso to the webgate and restart.