0 Replies Latest reply on Apr 8, 2009 11:47 AM by Joe Doo

    HTTP Status 400 - Invalid direct reference to form login pag

    Joe Doo Newbie

      Hi everybody,

      I need your help!

      I'm trying to integrate OpenKM, a JBoss-based application, behind a reverse-proxy managing SSO forwarding (i.e., it authenticates users once and propagates the authentication to the secured applications).

      Here are some indications:

      The OpenKM login form is composed of two fields:
      - one for username, j_username
      - one for password, j_password
      (- and one submit button with "Login" as default value)
      The OpenKM login form action is /OpenKM/j_security_check

      Of course, direct login (i.e. without passing through reverse-proxy) works fine.

      Suppose I'm a trusted user (X.509 certificate checking validated) who is trying to connect to https://openkm.mycompany.com. The reverse-proxy authenticates me and then itself sends my login/password to the protected OpenKM back-end server, for example: john/doo.
      This last operation consists of sending a POST request from the reverse-proxy to /OpenKM/j_security_check with j_username=john&j_password=doo&submit=Login

      Unfortunately, the reverse-proxy receives the following error:
      HTTP Status 400 - Invalid direct reference to form login page

      Then the reverse-proxy is redirected to the authentication page. However, authentication has succeeded, since if I reload the authentication page (the one I was redirected to), I'm redirected to the OpenKM user interface and OpenKM finally works fine. (I hope I'm clear...)

      I assure you I've got other secured applications behind the reverse proxy which work fine.

      So my questions are:
      - How can I disable this behavior? Is it possible to fix my problem?
      - If yes, which files do I have to edit? With what parameters? (...)

      I thank you in advance for your help.
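
The exchange described in the post, modelled as an added example (not part of the original post, and not JBoss or OpenKM code). It is a simplified model of container-managed FORM login, written on the assumption that the back end stores the authenticated user in the session before it looks for a saved original request; the protected path `/OpenKM/` and all class and function names are assumptions made for the example.

```python
# Simplified model of container FORM login (added example; not JBoss/OpenKM code).
USERS = {"john": "doo"}                      # sample credentials from the post
LOGIN_ACTION = "/OpenKM/j_security_check"    # form action from the post
PROTECTED = "/OpenKM/"                       # assumed protected resource
CREDS = {"j_username": "john", "j_password": "doo", "submit": "Login"}

class FormAuthContainer:
    def __init__(self):
        self.sessions = {}   # session id -> {"saved": URL or None, "user": name or None}

    def request(self, method, path, sid=None, form=None):
        """Handle one request; return (status, detail, session id)."""
        if sid not in self.sessions:                      # no cookie: new session
            sid = "S%d" % (len(self.sessions) + 1)
            self.sessions[sid] = {"saved": None, "user": None}
        s = self.sessions[sid]
        if method == "POST" and path == LOGIN_ACTION:
            form = form or {}
            user = form.get("j_username")
            if user not in USERS or USERS[user] != form.get("j_password"):
                return 200, "login error page", sid
            s["user"] = user                              # user stored in session first
            if s["saved"] is None:                        # no original request to resume
                return 400, "Invalid direct reference to form login page", sid
            target, s["saved"] = s["saved"], None
            return 302, target, sid                       # back to the original request
        if s["user"] is None:                             # unauthenticated: remember URL
            s["saved"] = path
            return 200, "login form", sid
        return 200, "%s served to %s" % (path, s["user"]), sid

def direct_post():
    """The proxy behaviour in the post: POST credentials with no earlier request."""
    c = FormAuthContainer()
    status, detail, sid = c.request("POST", LOGIN_ACTION, form=CREDS)
    _, reload_detail, _ = c.request("GET", PROTECTED, sid)  # the "reload" step
    return status, detail, reload_detail

def primed_post():
    """Request the protected URL first, keep the session id, then POST."""
    c = FormAuthContainer()
    _, _, sid = c.request("GET", PROTECTED)
    status, detail, _ = c.request("POST", LOGIN_ACTION, sid, CREDS)
    return status, detail

if __name__ == "__main__":
    print(direct_post())
    print(primed_post())
```

In this model the direct POST returns the 400 yet leaves the session authenticated, which matches the reload behaviour reported above; the second function shows the same POST succeeding once the session holds a saved request.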