Unexpected redirect on openam 13.5 ui login (Kubernetes)

This topic has 2 replies, 3 voices, and was last updated 5 years, 5 months ago by Warren Strange.

  • Author
  • #16006

    I see some unexpected behavior when browsing to the login page of an OpenAM 13.5 installation.
    Setup: browser -> F5 BigIP LB -> Kubernetes service -> OpenAM Pod

    Below are the requests/responses as seen by the browser. Note that in —230— the redirect includes a hostname. I would expect this redirect to be a) relative (/openam/XUI/) or b) use the LB_PRIMARY_URL as set in openam.properties or c) respond with content as 13.0.0 with identical config does.

    GET openam.openapi.k8sa.otas.nv/openam
    HTTP/1.1 302
    Location: /openam/
    Transfer-Encoding: chunked
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    GET openam.openapi.k8sa.otas.nv/openam/
    <title>Please Wait While Redirecting to Login page</title>

    <script language=”JavaScript”> <!–

    function redirectToAuth() {
    var params = getQueryParameters();
    var url = ‘UI/Login’;

    if (params != ”) {
    url += params;

    function getQueryParameters() {
    var loc = ” + location;
    var idx = loc.indexOf(‘?’);
    if (idx != -1) {
    return loc.substring(idx);
    } else {
    return ”;

    <body bgcolor=”#FFFFFF” onLoad=”redirectToAuth();”>
    GET openam.openapi.k8sa.otas.nv/openam/UI/Login
    HTTP/1.1 302
    Location: /openam/XUI/#login/
    Content-Length: 0
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    GET openam.openapi.k8sa.otas.nv/openam/XUI/#login/
    HTTP/1.1 302
    Location: http://openam:80/openam/XUI/
    Content-Length: 0
    Date: Fri, 24 Feb 2017 11:15:21 GMT

    HTTP/1.1 502 Fiddler – DNS Lookup Failed
    Date: Fri, 24 Feb 2017 11:15:21 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Cache-Control: no-cache, must-revalidate
    Timestamp: 12:15:21.011

    Version 13.0.0 response on GET openam.openapi.k8sa.otas.nv/openam/XUI/#login/
    <meta charset=”utf-8″>
    <meta http-equiv=”X-UA-Compatible” content=”IE=edge”>
    <meta name=”viewport” content=”width=device-width, initial-scale=1″>
    <body style=”display:none”>
    <div id=”messages” class=”clearfix”></div>
    <div id=”wrapper”>Loading…</div>
    <div id=”popup”>


    Created backstage ticket #19296: Login to web UI fails

     Warren Strange

    Apologies for the late reply – I did not see this.

    The redirection issue is most likely a problem with the site configuration.
    You need to configure a site, and set the external load balancer URL, then add the server to the site.

    You also need to ensure your external load balancing infrastructure is setting the request headers appropriately (X-Forwarded-For – from memory, but do check this)

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?