When Apache acts as a reverse proxy, i.e. performs HTTP (port) forwarding, it requires additional configuration to work correctly with the SSO state machine.

If you are running NGINX - see Configuring NGINX as reverse proxy for EasySSO. If you are running IIS - see Configuring IIS as reverse proxy for EasySSO.

The Atlassian page "Proxying Atlassian server applications with Apache HTTP Server (mod_proxy_http)" can serve as a reference for general configuration of Apache when used with Atlassian products.

The configuration requires additional lines (#6-9 in the example below). These lines add the "Jespa-Connection-Id" header, whose value combines the remote client's IP address and port.

The sample configuration below assumes a local proxy, with mod_proxy, mod_headers and mod_rewrite loaded (elsewhere in the Apache configuration), and Jira running on context "/jira" and listening on port 2990 on localhost.
 ProxyRequests Off
 ProxyPreserveHost On
 ProxyPass /jira http://localhost:2990/jira
 ProxyPassReverse /jira http://localhost:2990/jira

 RewriteEngine On
 RewriteRule .* - [E=INFO_REMOTE_ADDR:%{REMOTE_ADDR},NE]
 RewriteRule .* - [E=INFO_REMOTE_PORT:%{REMOTE_PORT},NE]
 RequestHeader set Jespa-Connection-Id "%{INFO_REMOTE_ADDR}e:%{INFO_REMOTE_PORT}e"


Once you have reconfigured Apache this way, the telltale sign that it is working will be in jespa.log at log level 4 - see *bold values*, which show the remote client's IP address and port as opposed to the proxy's. Some values have been obscured with ****.

2015-03-13 19:44:37: HttpSecurityService: C: GET /rest/mywork/latest/status/notification/count
2015-03-13 19:44:37: HttpSecurityService: Request Headers: host=********* | x-requested-with=XMLHttpRequest | accept=application/json, text/javascript, /; q=0.01 | referer=******* | accept-language=en-AU | accept-encoding=gzip, deflate | user-agent=Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) | dnt=1 | cookie=confluence-sidebar.width=55; confluence.browse.space.cookie=space-blogposts; JSESSIONID=592AF09B33C01304B1D068007FA41E93 | authorization=NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== | jespa-connection-id=172.16.9.39:62624 | x-forwarded-for=172.16.9.39 | x-forwarded-host=******* | x-forwarded-server=******** | connection=Keep-Alive
2015-03-13 19:44:37: HttpSecurityService: Loading session state from session 592AF09B33C01304B1D068007FA41E93
2015-03-13 19:44:37: HttpSecurityService: Importing provider state
2015-03-13 19:44:37: HttpSecurityService: Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2015-03-13 19:44:37: HttpSecurityService: 172.16.9.39:62624: token.length=40
2015-03-13 19:44:37: HttpSecurityService: AuthContext: 172.16.9.39:62624
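
The log check described above can be automated. The following is an added example, not part of EasySSO, Jespa or the original page: it parses jespa.log lines in the format shown and flags requests where the header is missing or where AuthContext still shows the proxy. The sample log is constructed, and the proxy addresses (127.0.0.1 and ::1, matching the local proxy assumed above) and the appearance of an unconfigured request are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format of the jespa.log excerpt above. The second
# request models a proxy that does not set the header (assumed appearance).
SAMPLE_LOG = """\
2015-03-13 19:44:37: HttpSecurityService: Request Headers: host=jira.example | jespa-connection-id=172.16.9.39:62624 | x-forwarded-for=172.16.9.39 | connection=Keep-Alive
2015-03-13 19:44:37: HttpSecurityService: AuthContext: 172.16.9.39:62624
2015-03-13 19:44:38: HttpSecurityService: Request Headers: host=jira.example | x-forwarded-for=172.16.9.40 | connection=Keep-Alive
2015-03-13 19:44:38: HttpSecurityService: AuthContext: 127.0.0.1:51312
"""
HEADERS_RE = re.compile(r"HttpSecurityService: Request Headers: (.*)$")
CONTEXT_RE = re.compile(r"HttpSecurityService: AuthContext: (\S+)$")

def parse_headers(blob):
    """Split 'name=value | name=value' into a dict keyed by header name."""
    pairs = (field.partition("=") for field in blob.split(" | "))
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def split_conn_id(value):
    """Return (ip, port) for 'addr:port' (IPv4 or IPv6), else None."""
    addr, _, port = value.rpartition(":")
    try:
        ip, port = ipaddress.ip_address(addr), int(port)
    except ValueError:
        return None
    return (ip, port) if 0 < port < 65536 else None

def audit(log_text, proxy_addrs=("127.0.0.1", "::1")):
    """Return (line_no, problem) findings; proxy_addrs are the proxy's own IPs."""
    proxies = {ipaddress.ip_address(a) for a in proxy_addrs}
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        if m := HEADERS_RE.search(line):
            headers = parse_headers(m.group(1))
            conn = split_conn_id(headers.get("jespa-connection-id", ""))
            # mod_proxy appends the connecting client's IP as the last X-Forwarded-For entry.
            xff = headers.get("x-forwarded-for", "").split(",")[-1].strip()
            if conn is None:
                findings.append((no, "jespa-connection-id missing or malformed"))
            elif xff and str(conn[0]) != xff:
                findings.append((no, "jespa-connection-id differs from x-forwarded-for"))
        elif m := CONTEXT_RE.search(line):
            conn = split_conn_id(m.group(1))
            if conn and conn[0] in proxies:
                findings.append((no, "AuthContext shows the proxy, not the client"))
    return findings
```

Call `audit()` with the contents of jespa.log and the proxy's real addresses; an empty list means every logged request carried a client address and port.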
