0 Replies Latest reply: Dec 10, 2012 12:09 PM by User500287-Oracle RSS

    using OHS mod_osso outside of firewall for SSO

    User500287-Oracle
      I am confused where I should configure SSO. I assume we want OHS outside the firewall and SSO to occur there with mod_osso. After authentication OHS acts as an RPS with ProxyPass and ProxyPassReverse.

      setup:

      OHS server is host-alias.domain.com on 10010
      with include mod_osso.conf
      and ProxyPass / http://host.domain.com:10005/
      and ProxyPassReverse / http://host.domain.com:10005/

      Apex Listener in OC4J is http://host.domain.com:10005

      I have tried this with the logon success URL going directly to the Apex application (http://host-alias.domain.com:10010/apex/f?p=104)

      When I acess host-alias.domain.com:10010 I get the SSO logon page for authentication.
      I enter my credentials and I can see in Live HTTP Headers an attempt to go to Location: http://host-alias.domain.com:10010/apex/f?p=104&urlc=v1.2%7E81FFC088B0F6A43.etc...
      It does not go to the Apex application but gets stuck in a loop redirecting back to the SSO login page, eventually the token is too big and it fails.

      I know you can configure authentication of the application to use SSO inside Apex but doesn't that defeat the purpose of OHS outside the firewall?