In some circumstances OpenAM requires outbound connections to external web services. A good example is the OpenID Connect flow during social media login where OpenAM will try to retrieve user profile attributes from https://www.googleapis.com or https://graph.facebook.com. Another example is where a scripted module is being used which makes a call to an external endpoint or API (ID proofing service called from a scripted auth module, etc). If OpenAM is behind an outbound web proxy then these connections will fail unless configured to use the proxy.
Access to web proxies is typically a function of OpenAM's container. In the case of tomcat, proxy services are provided by the JVM. Something like the following, added to <tomcat-dir>/bin/setenv.sh should be sufficient:
The above seems to cater for both http and https protocols, although Java technotes also refer to http.proxyHost and https.proxyHost as separate directives.
For proxies requiring authentication also add the following directives: