I am confused where I should configure SSO. I assume we want OHS outside the firewall and SSO to occur there with mod_osso. After authentication OHS acts as an RPS with ProxyPass and ProxyPassReverse.
OHS server is host-alias.domain.com on 10010
with include mod_osso.conf
and ProxyPass / http://host.domain.com:10005/
and ProxyPassReverse / http://host.domain.com:10005/
Apex Listener in OC4J is http://host.domain.com:10005
I have tried this with the logon success URL going directly to the Apex application (http://host-alias.domain.com:10010/apex/f?p=104)
When I acess host-alias.domain.com:10010 I get the SSO logon page for authentication.
I enter my credentials and I can see in Live HTTP Headers an attempt to go to Location: http://host-alias.domain.com:10010/apex/f?p=104&urlc=v1.2%7E81FFC088B0F6A43.etc...
It does not go to the Apex application but gets stuck in a loop redirecting back to the SSO login page, eventually the token is too big and it fails.
I know you can configure authentication of the application to use SSO inside Apex but doesn't that defeat the purpose of OHS outside the firewall?