Access Manager 3.1.4 with J2EE agent on Websphere 7.x

We need the IDP login to return to the original - initial URL and not
the single value setup in the J2EE agent config via Admin Console.

Our customer has multiple virtual hosts (and IPs) set up on the same

A user can hit the J2EE protected system via 2 hostnames (and

bbbbb is the box's hostname; f5LBname is a virtual host on the box (and
part of a cluster).

In both cases they are routed back to the idp and can log in (yeah!).


An administrator (user) goes to perform non-clustered access
(administration of the app - debugging) to the system - and is forwarded to the IDP. They log in.

The user is then directed to the 'application server URL', which seems
to not know how to handle the user (boo). We get a blank screen for a
URL for the server specified in the

I would guess the id is not trusted by the login servlet as it did not
start the process (bbbbb did)

My customer has stated this is a requirement. The J2EE agent is a
replacement for Websphere LDAP Realm authentication which will challenge
for any hostname presented to the webserver/protected resource.

Does some capability exist to allow the application server url to use
the original url?

The very first protected request to bbbbb/login gets a 302 redirect to


Another redirect then sends it off to the IDP

Thought, Ideas, Help (Happy Holidays)


