ISA Server as Reverse Proxy for SSO Server:[OSSO] W05: Requested URL is Not Specified in Terms of Fully-Qualified Host Name or Invalid SSO Partner Configuration (Doc ID 950993.1)

Last updated on MARCH 02, 2016

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.4.2 and later
Information in this document applies to any platform.
***Checked for relevance on 03-MAR-2016***

Symptoms

SSO configured to use ISA reverse proxy server. ISA proxy server is configured to terminate SSL at the proxy server.

Steps To Reproduce:
1. Modify httpd.conf with followed entries:

Port 443
KeepAlive off
ServerName <Isa proxy servername>
LoadModule certheaders_module libexec/mod_certheaders.so
<VirtualHost *:7777>
ServerName <Isa proxy servername>
Port 443
RewriteEngine On
RewriteOptions inherit
SimulateHttps On
UseCanonicalName On
KeepAlive off
</VirtualHost>

2. $ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs -v -d

3. Modify orcldasurlbase :
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: https://<

4.  ldapmodify -D "cn=orcladmin" -w xxxx -v -f setdasurl.ldif

5.Register partner application
$ORACLE_HOME/sso/bin/ssoreg.sh \
-oracle_home_path $ORACLE_HOME \
-site_name <Name assigned to SSO instance> \
-config_mod_osso TRUE \
-mod_osso_url https://<Isa proxy servername> \
-admin_info cn=orcladmin

6.Clear cache
set serveroutput on
set define off
set termout on
begin
wwsec_oid.refresh_local_cache(true);
commit;
end;
/


7.Restart
$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY

8. Test SSO and OIDDAS:

https://<Isa proxy servername>/pls/orasso

https://<Isa proxy servername>/oiddas

Followed errors reported in the
[Mon Jul 13 13:40:54 2009] [error] [client n.n.n.n] [ecid: 1247506854:95.
250.61.117:1060974:0:123,0] MOD_OC4J_0376: Reque
st initial processing failed in ac worker with HTTP status code 1. This status
will be passed back to the listener for error handling.
[Mon Jul 13 13:41:01 2009] [warn] [client n.n.n.n] [ecid: 1247506861:95.250.
61.117:1839216:0:128,0] \n[OSSO] W05: Request
ed URL is not specified in terms of fully-qualified host name or invalid SSO
partner configuration. Host from request <Isa proxy servername>:7777,
registered host oidrust.mouvement.desjardins.dev.\n

NOTE: Look that message is reporting reference for <Isa proxy servername>:7777, using
non-SSL port (7777) instead of correct 443 SSL port.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms