OAM Protected APEX Redirecting out of HTTPS (SSL) to HTTP at apex_authentication.callback

(Doc ID 1522900.1)

Last updated on MAY 24, 2016

Applies to:

Oracle Application Express (formerly HTML DB) - Version 4.0.1 and later
Information in this document applies to any platform.

Symptoms


1.  Specific APEX applications have been configured with Oracle Access Manager (OAM) according per <Note 1470258.1> - Integrating APEX 4.1.1 with Oracle Access Manager 11g Using the Oracle HTTP Server (OHS).

2.  The Oracle HTTP Server (OHS) serving APEX has been configured in SSL mode (port 443).

3.   APEX applications that are OAM protected are redirected out of SSL when navigating to /apex_authentication.callback.  The result is that the following page is displayed after OAM authentication occurs ->

 

4. An IEHttpHeaders trace shows the following:


Note that this has dropped from https (SSL) to http. Also, if the URL is manually modified by placing the 's' after the http, the process works.

5.  Firebug shows the following:

URLStatusProtocolDomain
get portallogin.jsp 200 ok https <OAM Server>
get portallogin.jsp 302 moved temporarily https <apex http server>
get f?p=108:1 302 moved temporarily https <apex http server>
get apex_authentication.callback 200 ok http <apex http server>

 Note the change to http at get apex_authentication.callback

6.  Non-OAM protected APEX applications work in SSL mode.

7. JSPs that are OAM protected also show no issue.

Changes

 None

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms