Opensso running behind reverse proxy redirect issue

Question

We are using opensso to authenticate users in our applications. Each application lives behind reverse proxy so as OpenSSO and when user authenticated, username from SSO used to create user session in the application.

OpenSSO deployed in Jetty on port 8080 on host admin.mynet so when running without reverse proxy it is accessible via http admin.mynet:8080/opensso

SSO server should be accessible via reverse proxy only and via https on port 443 which would be translated by nginx to an internal http resquest to port 8080. The host name needs to be resolved to proxy rather then SSO server. So hitting https admin.mynet/opensso should show SSO pages.

The problem is that having this configuration up and running, hitting https://admin.mynet/opensso/UI/Login SSO sends back 302 with location http://admin.mynet:8080/opensso/UI/Login. So SSO does not want to handle requests coming from

Answer 1

Assuming an ip address of 10.0.0.10 for admin.mynet, the following block should work:

server {
   listen 443;
   server_name  admin.mynet;   
   ssl          on;
   location / {
        proxy_pass        http://10.0.0.10:8080;
        proxy_set_header  X-Real-IP  $remote_addr;
   }
   location /opensso {
        proxy_pass        http://10.0.0.10:8080;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  Host admin.mynet:8080;
   }
}