Advanced Auth Admin Console Login Loop via Reverse Proxy

Article ID: 201539

Products

  • CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

  • CA Strong Authentication

  • CA Risk Authentication

  • CA Advanced Authentication

Issue/Introduction

After a fresh installation of the Risk Server and Admin Console, users encounter an infinite login loop when attempting to authenticate as MASTERADMIN through an Apache reverse proxy.

Symptoms:

  • The login page loads correctly at https://<Host-Name>/arcotadmin/masteradminlogin.htm.

  • Upon submitting credentials, the page refreshes or loops back to the login screen.

  • The Admin log file contains the following error: ERROR : web.interceptor.LinkControlInterceptor : Invalid host details found in the header details.

Environment

Release : 9.1

Component : RiskMinder(Arcot RiskFort)

Cause

The AA Admin Console performs a security check to ensure that the Host header in the incoming HTTP request matches the destination server expected by the application.

By default, many reverse proxy configurations (like Apache mod_proxy) rewrite the Host header to match the internal IP or hostname of the application server. When the Admin Console receives a header that doesn't match the original URL used by the admin, the LinkControlInterceptor rejects the request as a potential security risk, causing the session to fail and the login to loop.

Resolution

To resolve this, you must configure the Apache reverse proxy to pass the original Host header from the client's request through to the backend Arcot server.

  1. Access your Apache HTTP Server configuration file (typically httpd.conf or a specific virtual host file in sites-enabled).

  2. Locate the <VirtualHost> or <Location> block handling the Arcot Admin traffic.

  3. Add or modify the following directive:

       ProxyPreserveHost On

  4. Save the configuration file.

  5. Restart the Apache service to apply changes:

    • Linux: sudo systemctl restart httpd (or sudo systemctl restart apache2, depending on the service name your distribution uses)

    • Windows: Restart the Apache service via services.msc
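
A minimal virtual host showing where the directive sits relative to the proxy rules. This is an added example, not configuration from the original article; the hostname admin.example.com, the backend address arcot-backend.internal:8080 and the certificate paths are placeholder assumptions to be replaced with your own values.

```apache
# Added example (not from the original article).
# Placeholders (assumptions): admin.example.com, arcot-backend.internal:8080,
# and the certificate paths. Requires mod_proxy, mod_proxy_http and mod_ssl.
<VirtualHost *:443>
    # Must match the hostname administrators type into the browser.
    ServerName admin.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Before the fix (Apache default, ProxyPreserveHost Off):
    #   the backend receives  Host: arcot-backend.internal:8080
    #   which does not match the URL the administrator used, so the
    #   Admin Console logs "Invalid host details found in the header
    #   details" and returns the user to the login page.
    #
    # After the fix:
    #   the backend receives  Host: admin.example.com
    ProxyPreserveHost On

    ProxyPass        /arcotadmin/ http://arcot-backend.internal:8080/arcotadmin/
    ProxyPassReverse /arcotadmin/ http://arcot-backend.internal:8080/arcotadmin/
</VirtualHost>
```

Running apachectl configtest before the restart catches syntax errors in the edited file. After the restart, a successful MASTERADMIN login with no new LinkControlInterceptor errors in the Admin log confirms the header is being passed through.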