Thanks for input. I have it working now but I had to remove
forwardURL=<RETURN_URL> from the command servlet url as SSPR reported a
5075 error and the SSPR log showed similar to below, so maybe that
doesn't work with CommandServlet?
2016-02-05T09:53:40Z, ERROR, filter.SessionFilter, {4r} 5075
ERROR_REDIRECT_ILLEGAL (unable to parse url: Illegal character in path
at index 0: <RETURN_URL>) []
2016-02-05T09:53:40Z, ERROR, http.PwmRequest, {4r} 5075
ERROR_REDIRECT_ILLEGAL (unable to parse url: Illegal character in path
at index 0: <RETURN_URL>) []
If I set the Login Redirect URL setting to just: the it will work
and if usere is in warning period they'll be shown warning screen with
Skip option and Skip takes them to where they were going, if the
password is expired or just about to they get the Expired password page
where they're required to set the new password. If they have plenty of
time left they are redirected to where they were going. So that's all

However, we have 3 different domain urls, and (the apps behind these
urls are located in the same place its just we brand the pages
differently). We've created separate reverse proxies for the 3 company
urls. As SSPR is protected by NAM and the application URL in the config
needs to be a FQDN url whereas before it could be a relative path, how
do I achieve the following:
application URL= but user works for one of the
other companys in the group and so accesses
I can configure the contract for to have a Login
but that will mean he will need to login again as SSPR will not be using
the contract for
I tried configuring a proxy service and protected resource for SSPR on
the reverse proxy and provide Login Return
that just leads to a 5075 error as below
2016-02-05T07:48:29Z, ERROR, filter.SessionFilter, {4n} 5075
ERROR_REDIRECT_ILLEGAL ( is not a match for any
configured redirect whitelist, see setting: Settings ? Security ? Web
Security ? Redirect Whitelist) []
So do I need to add a whitelist entry or have I done something wrong?

ratclma's Profile:
View this thread: