I have a reverse proxy with two SSL enabled NamedVirtualHosts on different ports. Both containers on each internal host is GF 2.1.1. Proxy configuration as follows:

Proxy URL -> Internal URL

https://apps.mydomain.com -> http://apps.internal.com

https://secure.otherdomain.com:8080/ -> http://secure.internal.com 

I initially tried configuring the J2EE agent in OpenAM and the web app container to use the internal URLs (I appended /openam and /agentapp respectively). However, I received the following errors when trying to access a secured application such as https://apps.mydomain.com/webapp.

java.lang.RuntimeException: Failed to load configuration: ApplicationSSOTokenProvider.getApplicationSSOToken(): Unable to get Application SSO Token

A second attempt gives the following error:

java.lang.NoClassDefFoundError: Could not initialize class com.sun.identity.agents.filter.AmFilterManager

Along with these in the agent debug.out:

ERROR: Failed to obtain auth service url from server: null://null:null
...
SiteMonitor: Site URL http://secure.internal.com/openam/namingservice is not available.

If I specify the server and agent urls using the proxy urls, then the agent appears to be working and I am redirected to the OpenAM login page. However, the goto in the URL is http://apps.mydomain.com/webapp instead of https://apps.mydomain.com/webapp (missing https). So after authentication, the redirect fails. Now I could possibly get by with mod_rewrite, but it feels hackish and I really want to know what's going on.

Any ideas?