Unable to Access Okta Access Gateway App When It Is Behind a Proxy and Host Header Is Set to Private Domain
Overview
When a new header-based app is set up in OAG and the app is behind a proxy, admins want to make it global, which means the Host Header is set to "Private" while, in the public domain, a public URL with a CNAME pointing to OAG is in place. After these changes are made, the application complains that it is not receiving the username from OAG, and the login fails.
Applies To
- Okta Access Gateway (OAG)
Solution
- First, consult the application and/or application server documentation on how to configure the application to be placed behind a reverse proxy or load balancer.
- If there is no documentation and the issue persists, first try enabling Host Header (set it to "Public"):
  - Access the OAG Admin UI and edit the application in question.
  - Under Advanced, enable Host Header (set it to Public Domain).
- If that does not work, disable Host Header: under Advanced, disable Host Header (set it to Private Domain).
- Next, click the Policies tab > edit Root > Advanced > paste the script below > click Not Validated > Save > click Done.
    proxy_set_header host $host:443;
- Try accessing the app again.
- If still unsuccessful, repeat step 3, but instead, type the following script and click Not Validated > Save > click Done.
    proxy_redirect ~^https://[^/]+(/.+)$ https://$host$1;
- Try accessing the app again. Please open a support case if the issue persists.
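What the proxy_redirect rule in the steps above does to the Location header of a backend redirect, as an added Python approximation (not Okta's code and not part of the original article). The host names are constructed, and `rewrite_location`, `leaks_backend` and `audit` are hypothetical helper names; the samples include the cases the pattern does not cover, where the backend host still reaches the client.

```python
import re
from urllib.parse import urlsplit

# Pattern and replacement taken from the proxy_redirect directive above.
PATTERN = re.compile(r"^https://[^/]+(/.+)$")

def rewrite_location(location: str, host: str) -> str:
    """Approximate what the directive does to one upstream Location value.

    `host` stands in for nginx's $host (the name the client requested).
    """
    m = PATTERN.match(location)
    if m is None:
        return location  # no match: the header passes through unchanged
    return f"https://{host}{m.group(1)}"

def leaks_backend(location: str, host: str) -> bool:
    """True if an absolute Location still names a host other than `host`."""
    netloc = urlsplit(location).netloc
    return bool(netloc) and netloc.lower() != host.lower()

# Constructed sample values; none of them come from the article.
PUBLIC_HOST = "app.example.com"
SAMPLES = [
    "https://app01.internal.example:8443/login?next=/home",  # rewritten
    "https://app01.internal.example/",   # bare root: (/.+) needs a path
    "http://app01.internal.example/login",  # http scheme: not matched
    "/login",                            # relative: nothing to rewrite
]

def audit(samples=SAMPLES, host=PUBLIC_HOST):
    """Return (original, rewritten, still_leaking) for each sample."""
    results = []
    for loc in samples:
        new = rewrite_location(loc, host)
        results.append((loc, new, leaks_backend(new, host)))
    return results

if __name__ == "__main__":
    for original, rewritten, leaking in audit():
        flag = "LEAKS BACKEND HOST" if leaking else "ok"
        print(f"{original} -> {rewritten} [{flag}]")
```

If the application redirects over plain http or to the bare root path, those Location values are not rewritten by this rule and should be checked separately when testing the app through OAG.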
