OpenID Return_To URL verification fail when Kunagi under reverse proxy

I'm implementing Kunagi under an Apache HTTP Reverse Proxy. The scenario is:
Browser <https://FQDN/kunagi/> ReverseProxy <http://localhost:8080/kunagi/> Tomcat

OpenID login fails with "OpenID authentication failed." on login.html

Relevant log on catalina.out:
OpenId:openid.return_to -> https://FQDN/kunagi/login.html | app:kunagi > session:127.0.0.1
ConsumerManager:Verifying return URL; receiving: http://localhost:8080/kunagi/login.html?openid.ns=...........
ConsumerManager:Return URL schema, authority or path verification failed. | app:kunagi > session:127.0.0.1
ConsumerManager:Return_To URL verification failed.| app:kunagi > session:127.0.0.1

The reverse proxy directive under httpd is:
<Location /kunagi/>
ProxyPass http://localhost:8080/kunagi/
ProxyPassReverse http://localhost:8080/kunagi/
</Location>

I have url=https\://FQDN/kunagi/ in config.properties.

If I change url to http\://FQDN:8080/kunagi/ (direct access to tomcat), OpenID login works.

Status

Issue is closed.

Comments

Tue, Mar 5, 2013, 09:28 by Witek (SM,T)

I have no idea what we should do to help you. We are not Apache experts. On our server we use JkMount to connect Apache with Tomcat. This works fine, as you can see on our demo installation servisto.de/kunagi-demo

Wed, Mar 6, 2013, 13:28 by anonymous

Tomcat is receiving a different URL from the Reverse Proxy and this URL mismatch is what I guess is giving me trouble.
This would happen with other Reverse Proxies too.

Sun, Dec 22, 2013, 13:46 by artjom (PO,T)

Have you been able to solve this issue?

Post a comment



optional
optional