Configure J2EE Agent with OpenAM behind Reverse Proxy
Posted
by
Troy
on Server Fault
See other posts from Server Fault
or by Troy
Published on 2011-01-11T22:23:52Z
Indexed on
2011/01/11
22:55 UTC
Read the original article
Hit count: 507
reverse-proxy
|OpenSSO
I have a reverse proxy with two SSL enabled NamedVirtualHosts on different ports. Both containers on each internal host is GF 2.1.1. Proxy configuration as follows:
Proxy URL -> Internal URL
https://apps.mydomain.com -> http://apps.internal.com
https://secure.otherdomain.com:8080/ -> http://secure.internal.com
I initially tried configuring the J2EE agent in OpenAM and the web app container to use the internal URLs (I appended /openam and /agentapp respectively). However, I received the following errors when trying to access a secured application such as https://apps.mydomain.com/webapp
.
java.lang.RuntimeException: Failed to load configuration: ApplicationSSOTokenProvider.getApplicationSSOToken(): Unable to get Application SSO Token
A second attempt gives the following error:
java.lang.NoClassDefFoundError: Could not initialize class com.sun.identity.agents.filter.AmFilterManager
Along with these in the agent debug.out:
ERROR: Failed to obtain auth service url from server: null://null:null
...
SiteMonitor: Site URL http://secure.internal.com/openam/namingservice is not available.
If I specify the server and agent urls using the proxy urls, then the agent appears to be working and I am redirected to the OpenAM login page. However, the goto in the URL is http://apps.mydomain.com/webapp
instead of https://apps.mydomain.com/webapp
(missing https). So after authentication, the redirect fails. Now I could possibly get by with mod_rewrite, but it feels hackish and I really want to know what's going on.
Any ideas?
© Server Fault or respective owner