Okta Access Gateway NGINX Fails to Translate the Host Variable in the URL Correctly
Overview
Okta Access Gateway (OAG) NGINX processes the $host variable based on a specific order of precedence, which causes NGINX to fail to translate the $host variable in the URL correctly. Replacing the $host variable with the explicit hostname in the advanced policy syntax resolves this URL translation failure.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Okta Access Gateway (OAG)
- NGINX
Cause
NGINX processes the $host variable in a strict order of precedence. NGINX evaluates the hostname from the request line first, followed by the hostname from the Host request header field, and finally the server name matching a request. If the expected hostname does not align with this precedence, Okta fails to translate the URL correctly.
Solution
How is the host variable translation issue resolved?
Modify the advanced policy syntax to replace the $host variable with the explicit hostname to ensure correct URL translation.
- Locate the advanced policy syntax containing the $host variable.
- Replace the $host variable with the actual hostname.
- Retest the application to confirm the correct URL translation.
Review the following example demonstrating the replacement of the $host variable with the explicit hostname.
Original syntax:
if ($request_uri ~ "^/$") {
rewrite ^ $scheme://$host/prweb/PRWebLDAP2 ;
};
Updated syntax:
if ($request_uri ~ "^/$") {
rewrite ^ $scheme://mywebserver.domain.com/prweb/PRWebLDAP2 ;
};
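The following Python sketch is an added illustration, not Okta or NGINX code. It models the $host precedence described under Cause and compares the redirect produced by the original and updated syntax. The sample requests, the .example hostnames, and the https scheme are constructed assumptions.

```python
from urllib.parse import urlsplit

SERVER_NAME = "mywebserver.domain.com"  # explicit hostname from the updated syntax
PATH = "/prweb/PRWebLDAP2"              # rewrite path from the article

# Constructed sample requests, all for "/" so the article's `if` condition matches.
SAMPLES = {
    "expected Host header": "GET / HTTP/1.1\r\nHost: mywebserver.domain.com\r\n\r\n",
    "other Host header": "GET / HTTP/1.1\r\nHost: OAG-Node1.example:8443\r\n\r\n",
    "absolute request line": "GET http://lb.example/ HTTP/1.1\r\nHost: mywebserver.domain.com\r\n\r\n",
    "no Host header": "GET / HTTP/1.0\r\n\r\n",
}


def parse_request(raw):
    """Return (request-target, lower-cased header dict) from a raw request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    target = lines[0].split(" ")[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers


def resolve_host(raw, server_name=SERVER_NAME):
    """Model $host: request line first, then Host header, then server name."""
    target, headers = parse_request(raw)
    candidates = [
        urlsplit(target).hostname if "://" in target else None,
        urlsplit("//" + headers.get("host", "")).hostname,
    ]
    # .hostname lower-cases the name and drops the port, as nginx does for $host
    return next((c for c in candidates if c), server_name)


def rewrite_target(raw, hostname=None, scheme="https"):
    """Redirect produced by the original ($host) or updated (explicit) rule."""
    # scheme is an assumed value standing in for $scheme
    return f"{scheme}://{hostname or resolve_host(raw)}{PATH}"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:22} $host rule    -> {rewrite_target(raw)}")
        print(f"{label:22} explicit rule -> {rewrite_target(raw, SERVER_NAME)}")
```

With the $host rule the redirect follows whatever name the request carries. With the explicit rule every sample request yields the same URL.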
