We are using Apache HTTP server for reverse proxy. The Apache HTTP server is self-signed and has SSL enabled. Any request to PicketLink IDP is fronted by Apache HTTP and then re-directs to the IDP. The Apache HTTP server is located in a different box.
The Web Server holding Jboss-eap-6.2 is on another box. We have another self-signed certificate in jbossHome/standalone/configuration folder. This certificate is used to enable SSL on JBoss server.
I have modified the standalone.xml as per the configurations provided in "Using a SSL Secured Channel - PicketLink - Project Documentation Editor". For the <jsse> tag, I have given the certificate details which are on JBoss configuration folder.
Problem: While trying to log in to the application using "https" works fine. When I enter user name and password, the it fallbacks to form-based authentication with "http". Hence I have to log in twice when I do it from IE browser.
It has been given that "The configuration above will first try to validate any provided certificate. If no certificate was provided or the authentication fails, we fallback to a user/password based authentication." in the above link. I understand that the validation of the certificate is failing as my credentials to the application are correct.
Question: Should I provide Apache HTTP server certificate details in the <jsse> tag of Standalone.xml? Or is there any other way I need to configure for reverse proxy?
I also read "IDP Reverse Proxy support - PicketLink - Project Documentation Editor" and tried to use "SSLValve" but I could not able to find the valve in any of the jar.
Please help me in resolving the issue.
Any suggestions, ideas would be appreciated.