John:
Thanks for your feedback. I implemented the recommended changes and it worked perfectly! Terry On 2014-08-05, John Baker wrote: > Hello, > > I would suggest you review the Tomcat connector documentation: > > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html [1] > > and in particular: > > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Common_Attributes [2] > > scheme: Set this attribute to the name of the protocol you wish to have > returned by calls to request.getScheme(). For example, you would set this > attribute to "https" for an SSL Connector. > > To correctly set up Tomcat behind a reverse proxy load balancer, which is > essentially what happens when SSL terminates at the load balancer, the Tomcat > needs to know about the scheme, host and port in order to correctly create > URLs when an application says, "What's the protocol we support? > What's the hostname on which we run?", etc. > > Assuming the BMC code isn't doing anything horrific like assuming HTTP, I > suspect that setting the scheme="https" attribute on the connector will > resolve the issue. Also, set proxyName="lbhostname" and proxyPort="443". > This is configured in the server.xml file on the HTTP connector, ie. > > <Connector port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" redirectPort="8443" > scheme="https" proxyName="loadbalancerfqdn" proxyPort="8443" > /> > > John Baker > -- > SSO Plugin for the BMC product set > http://www.javasystemsolutions.com/jss/ssoplugin [3] > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org [4] "Where the > Answers Are, and have been for 20 years" Links: ------ [1] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Common_Attributes [3] http://www.javasystemsolutions.com/jss/ssoplugin [4] http://www.arslist.org _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
