boblmartens Super Contributor.
Super Contributor.
671 views

SSPR HTTPS through Apache


We are setting up a new authentication server for our campus which will
use a combination of SSPR + Jasig CAS to handle the bulk of the problems
we have been running into. We want to proxy access through an Apache 2.4
installation with SSL at that level, but when I change our security
settings to require HTTPS, I get the following warning:

> Non-secure (HTTP) connections are not permitted to this system. Please
> try again using a secure (HTTPS) connection. { 5044
> ERROR_SECURE_REQUEST_REQUIRED }


I am wondering how I can get things working the way I would like:
requiring HTTPS and proxying the requests to SSPR through Apache 2.4

Thanks!


--
boblmartens
------------------------------------------------------------------------
boblmartens's Profile: https://forums.netiq.com/member.php?userid=7781
View this thread: https://forums.netiq.com/showthread.php?t=53625

0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: SSPR HTTPS through Apache

I'm guessing this is because the Apache Tomcat instance behind your Apache
httpd service is not communicated-with via HTTPS. SSPR does not see the
connection to it (from the client, Apache httpd in this case) as being
SSLized and warns you that data are, somewhere, unencrypted. Enable SSL
between httpd and Tomcat and you should probably be fine. Alternatively,
if you trust your httpd-to-Tomcat connection
entirely/absolutely/ultimately, you could probably disable the warning,
though I've never tried that as it's better to just setup SSL.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
boblmartens Super Contributor.
Super Contributor.

Re: SSPR HTTPS through Apache


ab;257723 Wrote:
> I'm guessing this is because the Apache Tomcat instance behind your
> Apache
> httpd service is not communicated-with via HTTPS. SSPR does not see the
> connection to it (from the client, Apache httpd in this case) as being
> SSLized and warns you that data are, somewhere, unencrypted. Enable SSL
> between httpd and Tomcat and you should probably be fine.
> Alternatively,
> if you trust your httpd-to-Tomcat connection
> entirely/absolutely/ultimately, you could probably disable the warning,
> though I've never tried that as it's better to just setup SSL.
>
> --
> Good luck.
>
> If you find this post helpful and are logged into the web interface,
> show your appreciation and click on the star below...


In this case I am going to end up setting up SSL on Tomcat and then
proxying from HTTPD to Tomcat on port 8443 instead of 8080? Both the
Tomcat and HTTPD instances live on the same host.


--
boblmartens
------------------------------------------------------------------------
boblmartens's Profile: https://forums.netiq.com/member.php?userid=7781
View this thread: https://forums.netiq.com/showthread.php?t=53625

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR HTTPS through Apache

Yes, that'd probably fix the problem.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
boblmartens Super Contributor.
Super Contributor.

Re: SSPR HTTPS through Apache


I'll attempt that configuration and report back as soon as I can. Thanks
for the help!


--
boblmartens
------------------------------------------------------------------------
boblmartens's Profile: https://forums.netiq.com/member.php?userid=7781
View this thread: https://forums.netiq.com/showthread.php?t=53625

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.