OpenID Return_To URL verification fail when Kunagi under reverse proxy
I'm implementing Kunagi under an Apache HTTP Reverse Proxy. The scenario is:
Browser <https://FQDN/kunagi/> ReverseProxy <http://localhost:8080/kunagi/> Tomcat
OpenID login fails with "OpenID authentication failed." on login.html
Relevant log on catalina.out:
OpenId:openid.return_to -> https://FQDN/kunagi/login.html | app:kunagi > session:127.0.0.1
ConsumerManager:Verifying return URL; receiving: http://localhost:8080/kunagi/login.html?openid.ns=...........
ConsumerManager:Return URL schema, authority or path verification failed. | app:kunagi > session:127.0.0.1
ConsumerManager:Return_To URL verification failed.| app:kunagi > session:127.0.0.1
The reverse proxy directive under httpd is:
I have url=https\://FQDN/kunagi/ in config.properties.
If I change url to http\://FQDN:8080/kunagi/ (direct access to tomcat), OpenID login works.
Issue is closed.
Tue, Mar 5, 2013, 09:28 by Witek (SM,T)
I have no idea what we should do to help you. We are not Apache experts. On our server we use JkMount to connect Apache with Tomcat. This works fine, as you can see on our demo installation servisto.de/kunagi-demo
Wed, Mar 6, 2013, 13:28 by anonymous
Tomcat is receiving a different URL from the Reverse Proxy and this URL mismatch is what I guess is giving me trouble.
This would happen with other Reverse Proxies too.
Sun, Dec 22, 2013, 13:46 by artjom (PO,T)
Have you been able to solve this issue?