My Oracle Support Banner

SSO Login Fails With Apache Reverse Proxy: HTTP-400 Bad Headers (Doc ID 413873.1)

Last updated on NOVEMBER 04, 2019

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 30-OCT-2019***


SSO login is failing in an architecture with front-end Apache reverse proxying requests to the 10gAS Infrastructure server.

Although the debug ssoServer.log shows that SSO authentication is successful, the mod_osso post authentication call to /osso_login_success fails: Page Cannot be Displayed in the browser and the Apache access_log shows HTTP response code 400 (Bad Headers) for this request.

The SSO virtualhost is configured correctly in Apache. Reference: <Note:314381.1> How to Setup Oracle HTTP Server as a Virtual Host Reverse Proxy

The 10gAS Infrastructure HTTP Server is configured correctly with ServerName set to the reverse proxy virtualhost and Port set to the port used in the browser.

The mod_osso SSO Partner Application is registered with correct -mod_osso_url parameter value http(s)://<REVERSE_PROXY_SERVER_NAME>:<REVERSE_PROXY_PORT>

The HTTP Header trace shows no problems with the headers returned by SSO for the /osso_login_success request.

 The problem occurs in both IE and Mozilla based browsers.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.