OpenIG unable to load all pages and login from the proxied url

This topic has 1 reply, 2 voices, and was last updated 4 years, 10 months ago by chris-fry.

  • Author
    Posts
  • #19045
     mayurc
    Participant

    I am trying to configure OpenIG to proxy two applications. One application is on the same ubuntu machine where OpenIG is deployed. Another application is on another ec2 machine

    My configuration is the same as what was provided on this doc:
    https://backstage.forgerock.com/docs/openig/4.5/gateway-guide/#quickstart-config

    I just have two files that are similar to “01-static.json” from the doc with different routes and urls.

    If I start OpenIG and go to the second route, http://different-url.com:8000/ OpenIG fails to get all .css and .js files from the application, it doesn’t pass credentials either. I am only able to get one local application loaded using OpenIG and even for that particular application it does not send any static credentials.

    I have also configured using this link as mentioned in the troubleshooting section.
    https://backstage.forgerock.com/docs/openig/4.5/gateway-guide/#jetty-cookie-domains

    Can anyone help me understand if the configuration needs to change or is it not possible to protect two different applications with OpenIG?

    Thanks in advance!

    • This topic was modified 5 years ago by mayurc.
    #19614
     chris-fry
    Participant

    A few questions:
    * Have you confirmed you can route to the ec2 machine from the IG machine directly (perhaps using curl or similar)?
    * Do you have conditions on your route handlers? If so, what are they and what order are the routes configured?
    * Can you share your route(s)?

    It sounds like your first route might be picking up the requests intended for different-url.com:8000. If so, this can be resolved using different handler conditions.

    The examples in the IG docs use paths as handler conditions, but it sounds like you want to do this based on host-name. You can route based on host-name by replacing:
    "condition": "${matches(request.uri.path, '^/static')}"
    with something like:
    "condition": "${request.uri.host eq 'different-url.com'}"
    …or if you need to specify the port also:
    "condition": "${request.uri.host eq 'different-url.com' and request.uri.port eq 8000}"

    Just make sure you do it for all your routes unless you want to mix path and domain based conditions. If you mix, the first matching route is the only one that will be used.

    – Chris

    • This reply was modified 4 years, 10 months ago by chris-fry.
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?