SSO Login Fails With Apache Reverse Proxy: HTTP-400 Bad Headers
Last updated on MARCH 08, 2017
Applies to:Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4.3 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 05-MAY-2015***
SSO login is failing in an architecture with front-end Apache reverse proxying requests to the 10gAS Infrastructure server.
Although the debug ssoServer.log shows that SSO authentication is successful, the mod_osso post authentication call to /osso_login_success fails: Page Cannot be Displayed in the browser and the Apache access_log shows HTTP response code 400 (Bad Headers) for this request.
The SSO virtualhost is configured correctly in Apache. Reference: <Note:314381.1> How to Setup Oracle HTTP Server as a Virtual Host Reverse Proxy
The 10gAS Infrastructure HTTP Server is configured correctly with ServerName set to the reverse proxy virtualhost and Port set to the port used in the browser.
The mod_osso SSO Partner Application is registered with correct -mod_osso_url parameter value http(s)://<rev_proxy_vhost>:<revproxy_port>
The HTTP Header trace shows no problems with the headers returned by SSO for the /osso_login_success request.
The problem occurs in both IE and Mozilla based browsers.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms