Apache 2.0.54 Proxy information request

------_=_NextPart_001_01C601BC.1EBD0B5C
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi all, =20

I'm new, have mercy. I've set up an Apache server in my DMZ and it
is accessed via port 443 only. I reverse proxy requests to a back-end
IIS server and application. My issue is with SSO. I configured my
Apache Server in a test environment to accept and reverse proxy requests
over port 80 and the information is passed correctly to the IIS server
and application and allows the user to SSO. However, when I change this
to port 443, the SSO no longer works. I can get to the backend app, but
no SSO. Is there something I haven't configured properly? =20



------_=_NextPart_001_01C601BC.1EBD0B5C
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable




charset=3Dus-ascii">
6.0.6617.6">

Hi all, 

    I'm new, have =
mercy.  I've set up an Apache server in my DMZ and it is accessed =
via port 443 only.  I reverse proxy requests to a back-end IIS =
server and application.  My issue is with SSO.  I configured =
my Apache Server in a test environment to accept and reverse proxy =
requests over port 80 and the information is passed correctly to the IIS =
server and application and allows the user to SSO.  However, when I =
change this to port 443, the SSO no longer works.  I can get to the =
backend app, but no SSO.  Is there something I haven't configured =
properly? 

RE: Apache 2.0.54 Proxy information request

Plain text please...

I assume when say "port 443" you mean HTTPS and not that you're just =
changing the port number under normal HTTP. Your main application is an =
undefined Single Sign-On authentication scheme. Your set up is:

Internet <--HTTPS--> apache <--HTTP--> IIS

....and this works. But when you change to:

Internet <--HTTPS--> apache <--HTTPS--> IIS

....it doesn't.

So it looks like your SSO application doesn't work via HTTPS. What do =
you get in the apache and/or IIS logs? Is there any SSO logging?

BTW, What happens if you try:

DMZ browser <--HTTPS--> IIS

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

-----Original Message-----
From: Rosado, Rodolfo CTR MDA/IOM [mailto:Rodolfo.Rosado.CTR@mda.mil]
Sent: Donnerstag, 15. Dezember 2005 22:12
To: users@httpd.apache.org
Subject: [users@httpd] Apache 2.0.54 Proxy information request


Hi all, =20
I'm new, have mercy. I've set up an Apache server in my DMZ and it =
is accessed via port 443 only. I reverse proxy requests to a back-end =
IIS server and application. My issue is with SSO. I configured my =
Apache Server in a test environment to accept and reverse proxy requests =
over port 80 and the information is passed correctly to the IIS server =
and application and allows the user to SSO. However, when I change this =
to port 443, the SSO no longer works. I can get to the backend app, but =
no SSO. Is there something I haven't configured properly?=20
=20
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat =
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. =
This e-mail is of a private and personal nature. It is not related to =
the exchange or business activities of the SWX Group. Le pr=E9sent =
e-mail est un message priv=E9 et personnel, sans rapport avec =
l'activit=E9 boursi=E8re du Groupe SWX.
=20
=20
This message is for the named person's use only. It may contain =
confidential, proprietary or legally privileged information. No =
confidentiality or privilege is waived or lost by any mistransmission. =
If you receive this message in error, please notify the sender urgently =
and then immediately delete the message and any copies of it from your =
system. Please also immediately destroy any hardcopies of the message. =
You must not, directly or indirectly, use, disclose, distribute, print, =
or copy any part of this message if you are not the intended recipient. =
The sender's company reserves the right to monitor all e-mail =
communications through their networks. Any views expressed in this =
message are those of the individual sender, except where the message =
states otherwise and the sender is authorised to state them to be the =
views of the sender's company.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: Apache 2.0.54 Proxy information request

Thanks for your reply,=20

Working:
Intranet(WAN)---HTTP---> apache <---HTTP--> IIS ---> Plumtree Portal SSO =
(using AD Authentication)

Not Working:
Intranet(WAN)---HTTPS---> apache <---https---> IIS ----> Plumtree Portal =
SSO (using AD Authentication)

Working:
Intranet ---HTTPS---> IIS <---> Plumtree Portal SSO (using AD =
Authentication)

When opening access to the other ITO's on the WAN they will be coming in =
over https. The reason I need to keep apache on the front door is I'll =
also have internet traffic coming through the same pipe and need to =
protect my back-end. Apache will reside in the DMZ. =20

Rod



-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]=20
Sent: Friday, December 16, 2005 4:06 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Apache 2.0.54 Proxy information request


Plain text please...

I assume when say "port 443" you mean HTTPS and not that you're just =
changing the port number under normal HTTP. Your main application is an =
undefined Single Sign-On authentication scheme. Your set up is:

Internet <--HTTPS--> apache <--HTTP--> IIS

....and this works. But when you change to:

Internet <--HTTPS--> apache <--HTTPS--> IIS

....it doesn't.

So it looks like your SSO application doesn't work via HTTPS. What do =
you get in the apache and/or IIS logs? Is there any SSO logging?

BTW, What happens if you try:

DMZ browser <--HTTPS--> IIS

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20

-----Original Message-----
From: Rosado, Rodolfo CTR MDA/IOM [mailto:Rodolfo.Rosado.CTR@mda.mil]
Sent: Donnerstag, 15. Dezember 2005 22:12
To: users@httpd.apache.org
Subject: [users@httpd] Apache 2.0.54 Proxy information request


Hi all, =20
I'm new, have mercy. I've set up an Apache server in my DMZ and it =
is accessed via port 443 only. I reverse proxy requests to a back-end =
IIS server and application. My issue is with SSO. I configured my =
Apache Server in a test environment to accept and reverse proxy requests =
over port 80 and the information is passed correctly to the IIS server =
and application and allows the user to SSO. However, when I change this =
to port 443, the SSO no longer works. I can get to the backend app, but =
no SSO. Is there something I haven't configured properly?=20
=20
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat =
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. =
This e-mail is of a private and personal nature. It is not related to =
the exchange or business activities of the SWX Group. Le pr=E9sent =
e-mail est un message priv=E9 et personnel, sans rapport avec =
l'activit=E9 boursi=E8re du Groupe SWX.
=20
=20
This message is for the named person's use only. It may contain =
confidential, proprietary or legally privileged information. No =
confidentiality or privilege is waived or lost by any mistransmission. =
If you receive this message in error, please notify the sender urgently =
and then immediately delete the message and any copies of it from your =
system. Please also immediately destroy any hardcopies of the message. =
You must not, directly or indirectly, use, disclose, distribute, print, =
or copy any part of this message if you are not the intended recipient. =
The sender's company reserves the right to monitor all e-mail =
communications through their networks. Any views expressed in this =
message are those of the individual sender, except where the message =
states otherwise and the sender is authorised to state them to be the =
views of the sender's company.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server =
Project. See for more info. =
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org