Mojoportal behind Microsoft UAG reverse proxy login issues

This is an open forum for any mojoPortal topics that don't fall into the other categories.

This thread is closed to new posts. You must sign in to post in the forums.
10/3/2011 3:23:31 PM
xpingjockey
Gravatar
Total Posts 3
View Posts

Mojoportal behind Microsoft UAG reverse proxy login issues

Running latest mojoportal (2.3.7.0) on IIS7.5, MSSQL 2008.

The real catch is with the microsoft UAG (forefront unified access gateway) reverse proxy. If I have the site running only on http, everything works great! When I enable SSL without enforcing it on the whole site; the login (http to https) redirect works great; but after entering username and password on the https login page, the whole redirect blows up (thanks to UAG) even though I've got all the UAG functionality disabled.

Is there a way to force the login to open a new page and close the old (rather than keep the session alive - which UAG is killing)?

The other alternative fix I think would work, would be to keep logged in users in HTTPS, rather than redirect back to HTTP...

 

Any ideas would be much appreciated.

10/3/2011 3:32:14 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Mojoportal behind Microsoft UAG reverse proxy login issues

If the SSL certificate is on the proxy server rather than the web server, then the typical ways of detecting a secure connection with Request.IsSecureConnection doesn't work because from the web server point of view it is running http over port 80 even though the proxy server is using SSL. So this makes it difficult to do the redirecting correctly.

What you need to find out is if the proxy server is sending some alternate way for the web server to detect if it is a secure request. Probably it sets a custom server variable but I would need to know what it is providing then maybe I can tell you something to try configuration that may make it work. I don't know anything about UAG, so you'll have to do the research on it and tell me if it does provide a custom server variable for secure requests and if so what that variable is.

Best,

Joe

10/3/2011 3:35:35 PM
xpingjockey
Gravatar
Total Posts 3
View Posts

Re: Mojoportal behind Microsoft UAG reverse proxy login issues

SSL Certs are on both the proxy and the web server. The site works fine with the redirects internally. I'm still researching the UAG thing, as it's fairly new to me.

I think the route to keep logged in users in HTTPS, rather than redirect back to HTTP will likely be the best (or easiest fix) for this issue. Hopefully this isn't too difficult..

10/6/2011 2:43:50 PM
xpingjockey
Gravatar
Total Posts 3
View Posts

Re: Mojoportal behind Microsoft UAG reverse proxy login issues

Update:

Changed from UAG to TMG for reverse proxy to eliminate URL rewriting rules.

Now what is happening, the request is getting stuck in a loop.

http://social.technet.microsoft.com/Forums/en/Forefrontedgegeneral/thread/6b58c704-7d42-4168-82e6-8fa302d5e12f

For anyone's future reference see here for the fix!

http://fixmyitsystem.com/2011/05/https-to-http-redirect-causes-endless.html

You must sign in to post in the forums. This thread is closed to new posts.