Child pages
  • Configure OpenAM to use outbound web proxy
Skip to end of metadata
Go to start of metadata

Introduction

In some circumstances OpenAM requires outbound connections to external web services. A good example is the OpenID Connect flow during social media login where OpenAM will try to retrieve user profile attributes from https://www.googleapis.com or https://graph.facebook.com. Another example is where a scripted module is being used which makes a call to an external endpoint or API (ID proofing service called from a scripted auth module, etc). If OpenAM is behind an outbound web proxy then these connections will fail unless configured to use the proxy.

Solution

Access to web proxies is typically a function of OpenAM's container. In the case of tomcat, proxy services are provided by the JVM. Something like the following, added to <tomcat-dir>/bin/setenv.sh should be sufficient:

JAVA_OPTS="-DproxySet=true -DproxyHost=<MyWebProxy> -DproxyPort=<MyWebProxyPort> -DnonProxyHosts='*.example.com' $JAVA_OPTS"

Notes

The above seems to cater for both http and https protocols, although Java technotes also refer to http.proxyHost and https.proxyHost as separate directives.

For proxies requiring authentication also add the following directives:

proxyUser=<username>

proxyPassword=<password>

 

See also:

http://docs.oracle.com/javase/6/docs/technotes/guides/net/proxies.html

http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

 

 

  • No labels

1 Comment

  1. Unknown User (ytheva)

    Hi,

    Thanks for the post.

    My Problem is that OpenAM communicates with the agent via direct connection. 
    I see that the java application does perform a DNS lookup which fails. (Failing is expected) 
    It should obviously try to connect through the proxy server. There is no traffic in cia proxy in my trace.

     

    Any idea how i can test with OpenAM the proxy settings?