My Oracle Support Banner

Configuring Reverse Proxy in front of 9iAS V2 SSO (Single Sign-On) Server on Unix (Doc ID 230164.1)

Last updated on OCTOBER 17, 2019

Applies to:

Oracle HTTP Server - Version 9.0.2 and later
Oracle Application Server Single Sign-On - Version 9.0.4 and later
Information in this document applies to any platform.

Goal

 This note is missing one section.
Browser <--> HTTPS <--> RP <--> HTTP <--> OHS
This will be added as Section 6 once steps are confirmed
Note: Section 5 is for
Browser <--> HTTPS <--> RP <--> HTTPS <--> OHS [This section is not visible to customers.]

PURPOSE
-------
The purpose of this article is to provide steps for configuring Oracle9i Application
Server (9iAS) Release 2 (9.0.2) SSO (Single Sign-On) Server when a software or
hardware device such as a reverse proxy is deployed in front of the SSO (Single
Sign-On) Server.

For OracleAS 10g version 9.0.4 see Oracle Application Server Single Sign-On
Administrator's Guide 10g (9.0.4) Chapter 9 Advanced Configurations - Deploying
OracleAS Single Sign-On with a Proxy Server
- http://download.oracle.com/docs/cd/B10464_01/manage.904/b10851/advconfg.htm#1018000

SCOPE & APPLICATION
-------------------
When any software or hardware devices such as a reverse proxy, load balancer,
or Web Server is inserted between the end-user browsers and the SSO (Single Sign-On)
Server, this will result in changing the effective URL of the SSO (Single Sign-On)
server from the browser's perspective. Such devices can either be NON-SSL or
SSL-Enabled.

Deploying a reverse proxy type of device in front of SSO (Single Sign-On) Server
may be done for a variety of reasons including:

o Hiding the hostname of the SSO (Single Sign-On) Server
o Terminating SSL connections to another server instead of SSO (Single Sign-On)
Server
o Limiting the number of ports that need to be opened on a firewall

The SSO (Single Sign-On) Server must be re-configured to handle the above changes.
Please note, the SSO (Single Sign-On) can only bind to one protocol, hostname and port.
For example, if you configured a SSL-Enable reverse proxy in front of SSO Server.
Then all subsequent SSO requests must be done via that SSL-Enabled reverse proxy.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.