[jboss-user] [Installation, Configuration & DEPLOYMENT] - HTTP Status 400 - Invalid direct reference to form login pag

[JohnJoe]

Hi evreybody,

I need your help!

I'm trying to integrate OpenKM, a jboss-based application, behind a revese-proxy managing SSO forward (i.e: manages users authentication once time and propagates authentication on secured applications). 

Here are some indications:

   OpenKM form login is composed of two fields :
     - one for username, j_username
     - one for password, j_password
     (- and one submit button with "Login" as default value)
   OpenKM form login action is /OpenKM/j_security_check

Of course, direct login (i.e. without passing through reverse-proxy) works fine.

Suppose I'm a trusted user (X.509 certificates checking validated) who is trying to connect to https://openkm.mycompany.com. Reverse-proxy authenticates me and then send itself my login/password for to protected OpenKM back-end sever, for example: john/doo. 
This last operation consits to send from the reverse-proxy a POST request to /OpenKM/j_security_check with j_username=john&j_password=doo&submit=Login

Unfortunately reverse-proxy receives the following error:
HTTP Status 400 - Invalid direct reference to form login page

Then reverse-proxy is redirected to the authentication page. However authentication has succeeded since if I reload the authentication page (this one where I've been redirected) I'm redirected to OpenKM user interface and OpenKM works finally fine. (I hope I'm clear...)

I ensure you I've got other secured applications behing the reverse proxy which work fine.

So my questions are:
- how to disable this behavior? Is there the possibility to fix my problem? 
- If yes, what files have to edit? With what parameters? (...)

I thank you in advance for your help.

Regards,

John.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224412#4224412

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4224412