This topic has 0 replies, 1 voice, and was last updated 6 years, 2 months ago by mehdi.chemsi.

  • #11824
     mehdi.chemsi
    Participant

    Hi All,

    I am trying to protect an application using OpenAM with the following components:
    – Apache 2.4 as client facing server (dmz.example.com)
    – Web Application deployed in tier 2 (webapp.example.com:8443)
    – OpenAM deployed in tier 2 (openam.example.com:8443)
    – Web Policy agent is configured on Apache 2.4

    I was able to successfully login to my application using openAM url https://openam.example.com:8443/openam/UI/Login

    As that URL is only accessible internally, I am trying to use Apache as a reverse proxy for openAM so that the login credentials are submitted through https://dmz.example.com/openam/UI/Login

    I have done the following:
    Apache: Added the following reverse proxy config
    ##Proxy OpenAM to backend
    <Location /openam>
    ProxyPass http://openam.example.com:8443/openam
    ProxyPassReverse http://openam.example.com:8443/openam
    </Location>

    OpenAM:
    – Web Agent: I have updated the login URL under ‘Agent->OpenAM Services->Login URL’ to https://dmz.example.com/openam/UI/Login
    – Server Configuration: Under ‘Configuration->Servers and Sites->”servername.example.com/openam”‘ and under Advanced I added the following property:
    com.sun.identity.server.fqdnMap[dmz.example.com]=dmz.example.com

    I restarted both Apache and OpenAM, and when I try to access the protected URL I get a 500 error.

    My observations are:
    – Web Agent is redirecting me to new URL https://dmz.example.com/openam/UI/Login
    – I am stuck in an infinite redirect to https://dmz.example.com/openam/UI/Login every time appending https://dmz.example.com/openam/UI/Login to the end URL

    This is meant to be a straightforward configuration, yet I am missing something which I can’t figure out now. Any help is greatly appreciated.

    Cheers,
    Mehdi
