If OpenAM is running behind a proxy such as apache then the container can be down; apache is still running and just checking if the socket is listening is not enough to validate if OpenAM is actually up and running. We implemented a fix that performs a simple GET request to the naming service and checks for HTTP 200. But if the OpenAM is running HTTPS then we the request is not processed correctly. We need to find a mechanism that (a) ensures the OpenAM is actually up and running when behind a proxy but each OpenAM ping is not doing a SSL negotiation as this will be very expensive. Perhaps look at a keep-alive SSL connection that can be reused.