January 18, 2015 at 12:14 am #2465[email protected]Participant
One of you have ever try to install an Apache in front of OpenAM with an Web Policy Agent in the same time. My goal of doing this is have only one server web for protect an application and front my openam
__________ ________________________ | Browser | -------> | Reverse Proxy w/agent | ______________ | Client | | VHost IP1 openam.foo.bar | -------------> | Openam Server | | | _____________________ | VHost IP2 toto.foo.bar | -> | Protected Application |
So my openam are configured with cookie .foo.bar. I set the agent with com.sun.identity.agents.config.notenforced.url = http://openam.foo.bar/openan/*
The problem is when i start my Apache nothing log in Debug/amAgent even if debug is set on all:5 plus when i try to access on ressource of web server with browser nothing happend, keep loading. If i do the same with NetCat and send a GET /myressources HTTP/1.1
No answer ….
So I think there are a loop on Apache something like webAgent try authenticate from URL of OpenAM but this URL is serve by the same apache and don’t want to let pass the request because not authentified like infinite loop :-(
Have you any suggestion ??
Excuse my bad english
January 20, 2015 at 4:47 pm #2635Pawel PietrzynskiParticipant
- This topic was modified 5 years, 9 months ago by Peter Major. Reason: Moving topic under OpenAM forum
You should not protect OpenAM reverse proxy with an agent. You should either have another Apache instance without an agent for OpenAM or limit access in a different way, but OpenAM should be accessible from the browser without an agent. Also OpenAM should be accessible by the agents without going through an agent.
PawelJanuary 20, 2015 at 5:33 pm #2636[email protected]Participant
Thank you for the answer and your time, i had some doubts about that.
You must be logged in to reply to this topic.