[OPENAM-5304] XUI does not work behind HTTP reverse proxy if HTTP host header is not preserved Created: 12/Dec/14  Updated: 02/Apr/17  Resolved: 02/Mar/15

Status: Resolved
Project: OpenAM
Component/s: XUI
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: Bernhard Thalmayr Assignee: Peter Major [X] (Inactive)
Resolution: Fixed Votes: 2
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: 4h
Original Estimate: Not Specified
Environment:

java version "1.7.0_72"
Apache Tomcat 7.0.37
OpenAM 13.0.0-SNAPSHOT Build 11848 (2014-December-12 02:37)
Apache http server 2.2.26


Issue Links:
Relates
relates to OPENAM-5941 XUI login redirects to http://null:80... Resolved
relates to OPENAM-6164 Backport OPENAM-5941: XUI login redir... Resolved
Target Version/s:
Sprint: Sprint 77 - Sustaining
Support Ticket IDs:
Verified Version/s:

 Description   

Setting up a http reverse proxy using mod_proxy/mod_proxy_http and proxy rule

ProxyPass /openam http://openam-nightly.test.xyz:8080/openam
ProxyPassReverse /openam http://openam-nightly.test.xyz:8080/openam
ProxyPreserveHost Off

and requesting the RP-URL for OpenAM console (e.g. http://login.test.net/openam/console) will end up in a redirect to the actual OpenAM instance URL.

Workarounds

  • use mod_proxy_ajp or
    ProxyPass /openam http://openam-nightly.test.xyz:8080/openam
    ProxyPassReverse /openam http://openam-nightly.test.xyz:8080/openam
    ProxyPreserveHost On
    

and configure OpenAM site or FqdnMapping (here com.sun.identity.server.fqdnMap[login.test.net]=login.test.net), set up DNS-alias mapping and update cookie domain setting in platform service if domain cookies are used.



 Comments   
Comment by Peter Major [X] (Inactive) [ 02/Mar/15 ]

Fixed with R12766 and R12767
The FQDN validation in XUI now should work similarly to the legacy UI.

Comment by Nemanja Lukic [ 14/Jul/15 ]

Verified in: OpenAM 12.0.1 Build 14322 (2015-June-22 16:03)
Both XUI and legacy UI work fine.

Generated at Tue Oct 27 03:42:28 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.