I am trying to set up a reverse proxy with my Apache (v2.4.38 from apachelounge) on Windows, also using an authentication server. The scenario is pretty straightforward.
From my client (browser), the user accesses a location on my Apache server (say /mycustomapp/test1/).
On this Apache web server, an OpenAM policy agent is also configured to work along with the OpenAM server.
Using OpenAM (the authentication server), I have protected my Apache's /mycustomapp/test1/ URL.
Behind the reverse proxy, there is one custom application (say http://internal.app1.com:8090/customapp/?tab=DEFAULT).
So, after successful authentication, I want the user to be redirected to the custom application endpoint (i.e. http://internal.app1.com:8090/customapp/?tab=DEFAULT), and all custom headers (received after successful authentication) should also be passed to this custom application running on the internal server (http://internal.app1.com:8090/customapp/?tab=DEFAULT). Something like below.
            [# http://proxy.apache.com:1234]
BROWSER --> APACHE [WEB-AGENT] <--> OPENAM[AUTHENTICATION]
                |
                |-------------->[CUSTOM APPLICATION] # http://internal.app1.com:8090/customapp/?tab=DEFAULT
In my ProxyPass configuration, I have tried to make this scenario work with some options (excerpts below), but it seems there is some issue with my configuration.
<VirtualHost *:1234>
    #Option-1
    <Location /mycustomapp/test1/>
        ProxyPass http://internal.app1.com:8090/customapp/?tab=DEFAULT
        ProxyPassReverse http://internal.app1.com:8090/customapp/?tab=DEFAULT
    </Location>
    #Option-2
    <Location /mycustomapp/test1/>
        RewriteEngine on
        ProxyPass http://internal.app1.com:8090/customapp/?tab=DEFAULT
        ProxyPassReverse http://internal.app1.com:8090/customapp/?tab=DEFAULT
        RewriteRule (.*) http://internal.app1.com:8090/customapp/?tab=DEFAULT [QSA]
    </Location>
    #Option-3
    <Location /customapp/?tab=DEFAULT>
        ProxyPass http://internal.app1.com:8090/
        ProxyPassReverse http://internal.app1.com:8090/
    </Location>
</VirtualHost>
With Option-1, when the user accesses the URL http://proxy.apache.com:1234/mycustomapp/test1/, the user does get the challenge page from OpenAM/policy agent.
After providing the credentials, however, the user is redirected to a different page (the custom application's endpoint) where some other query string parameters are appended (e.g. ?cmd=login&errorPg=ckreq&languageCd=ENG) at the end of the URL.
i.e. instead of landing on http://internal.app1.com:8090/customapp/?tab=DEFAULT,
it is landing on http://internal.app1.com:8090/customapp/?cmd=login&errorPg=ckreq&languageCd=ENG
I assume that, due to the special character (i.e. '?') in the custom application landing page, the request is not correctly redirected to the final page.
With Option-2, though the user is correctly redirected to the custom application page (i.e. http://internal.app1.com:8090/customapp/?tab=DEFAULT) after successful authentication, he is not receiving the headers which are generated by the authentication server. I am also not sure whether the RewriteRule in this option is correct.
With Option-3, I am not even landing on the final custom application page. I am not sure if we can use the query string in our Location directive like this.
In the end, I am looking for some help to resolve the following:
1. Correctly land on the custom application URL (i.e. http://internal.app1.com:8090/customapp/?tab=DEFAULT) after successful authentication.
2. Correctly pass all headers (authentication, authorization and custom headers) received from the authentication server to the application endpoint.
NOTE: I am able to redirect some other location (say http://proxy.apache.com:1234/testing, available on my Apache server) to the custom JSP page (e.g. http://internal.app2.com:8080/examples/jsp/header.jsp) available on another server, and I can see all the headers passed by OpenAM after successful authentication.
Thanks, Deepak
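
The three options in the question differ in how Apache treats the query string and in whether the request is proxied or redirected. The sketch below is an added example, not part of the original post and not a verified fix for this deployment. It assumes mod_proxy, mod_proxy_http, mod_rewrite and mod_headers are loaded, that the policy agent still runs for proxied requests and sets its headers after the early header phase, and it uses `X-Example-User` as a placeholder header name.

```apache
# Added example, not the poster's configuration.
<VirtualHost *:1234>
    # Drop any client-supplied copy of an identity header before the agent
    # runs, so the backend only sees the value set after authentication.
    # "X-Example-User" is a placeholder; use the names your agent emits.
    RequestHeader unset X-Example-User early

    RewriteEngine On

    # <Location> matches the URL path only and ProxyPass maps path prefixes,
    # so "?tab=DEFAULT" has no effect as part of either (Option-1, Option-3).
    # A RewriteRule to an absolute URL on another host without [P] is answered
    # with an external redirect (Option-2): the browser then contacts the
    # backend directly and the proxy-side request headers never reach it.
    # [P] keeps the request inside the proxy instead.
    RewriteCond %{QUERY_STRING} ^$
    RewriteRule ^/mycustomapp/test1/$ http://internal.app1.com:8090/customapp/?tab=DEFAULT [P]

    # Everything else under the protected path is proxied with the query
    # string the client sent.
    ProxyPass        /mycustomapp/test1/ http://internal.app1.com:8090/customapp/
    ProxyPassReverse /mycustomapp/test1/ http://internal.app1.com:8090/customapp/
</VirtualHost>
```

Identity headers forwarded this way are only trustworthy if the backend on port 8090 accepts connections from the proxy alone.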