It's all about the answers!

Ask a question

'CRJZS0035E The OAuth signature is not valid' as error when using a reverse proxy


SEC Servizi (97122752) | asked Apr 09 '15, 6:04 a.m.
edited Apr 23 '15, 4:14 a.m.
We are on RTC v4.07 and running on the default Apache Tomcat and we got this error:
CRJZS0035E The OAuth signature is not valid. An application might be configured incorrectly or the consumer secret might be mismatched.
when using a reverse proxy to forward network traffic from clients to CLM application servers.
Our topology is similar to that is discussed in the article https://jazz.net/wiki/bin/view/Deployment/UnderstandingReverseProxy:
topology_RTC_proxy.png
Our reverse proxy listens on port 80 (HTTP) and 443 (HTTPS) and forwards the incoming traffic both to the application server port 9080 (HTTP).
We found the OAuth signature error above due to an incorrect URI construction by Jazz:
https://clm.example.org/jts/proxy?uri=http://clm.example.org/jts/discovery?type=http%253A%252F%252Fjazz.net%252Fns%252Fui%2523HomeMenu%26scope=includeExternal
It seems the proxy URI param does not preserve the initial protocol used by client (i.e., HTTPS instead of HTTP).
Do we have to maintain the protocol matching when forwarding from reverse proxy to application sever?
Thanks in advance.

One answer



permanent link
Donald Nong (14.4k314) | answered Apr 10 '15, 3:33 a.m.
It's not a good idea to open both port 80 and 443 on the reverse proxy, as users can access CLM via the URL http://clm.example.org which is _not_ the public URI.

Comments
SEC Servizi commented Apr 10 '15, 5:23 a.m.

You're right, we fixed that.

Anyway, in this scenario it seems the initial protocol used by client is not preserve on some URI request.

Your answer


Register or to post your answer.