I need your help!
I'm trying to integrate OpenKM, a JBoss-based application, behind a reverse-proxy managing SSO forward (i.e. it manages user authentication once and propagates authentication to the secured applications).
Here are some indications:
The OpenKM login form is composed of two fields:
- one for username, j_username
- one for password, j_password
(- and one submit button with "Login" as default value)
The OpenKM login form action is /OpenKM/j_security_check
Of course, direct login (i.e. without passing through reverse-proxy) works fine.
Suppose I'm a trusted user (X.509 certificate check validated) who is trying to connect to https://openkm.mycompany.com. The reverse-proxy authenticates me and then itself sends my login/password to the protected OpenKM back-end server, for example: john/doo.
This last operation consists of sending, from the reverse-proxy, a POST request to /OpenKM/j_security_check with j_username=john&j_password=doo&submit=Login
Unfortunately, the reverse-proxy receives the following error:
HTTP Status 400 - Invalid direct reference to form login page
Then the reverse-proxy is redirected to the authentication page. However, authentication has succeeded, since if I reload the authentication page (the one to which I've been redirected) I'm redirected to the OpenKM user interface and OpenKM finally works fine. (I hope I'm clear...)
I assure you I've got other secured applications behind the reverse proxy which work fine.
So my questions are:
- How can I disable this behavior? Is it possible to fix my problem?
- If yes, which files do I have to edit? With what parameters? (...)
I thank you in advance for your help.