查询字符串的反向代理重定向问题

Question

我也在尝试使用一个身份验证服务器在Windows上使用我的apache（apachelounge的v2.4.38）配置反向代理。     场景很简单。

From my client(browser), user access the location of my apache server (say /mycustomapp/test1/). 
On this apache web server, openam policy agent is also configured to work along with the openam server.
Using the openam (authentication server), i have protected my apache's /mycustomapp/test1/ URL.
Behind the reverse proxy, there is one custom application (say http://internal.app1.com:8090/customapp/?tab=DEFAULT).
So, after successfull authentication, i want the user should be redirected to the custom application end point (i.e. http://internal.app1.com:8090/customapp/?tab=DEFAULT) and all custom headers (received after successful authentication) should also be passed to this custom application running on internal server (http://internal.app1.com:8090/customapp/?tab=DEFAULT). Something like below.

        [# http://proxy.apache.com:1234]
BROWSER --> APACHE [WEB-AGENT]  <--> OPENAM[AUTHENTICATION]
                    |
                    |-------------->[CUSTOM APPLICATION] # http://internal.app1.com:8090/customapp/?tab=DEFAULT

In my proxy pass, i have tried to configure this scenario to work with some options (below excerpts) but seems there is some issue with my configuration.

<VirtualHost *:1234>
#Option-1    
    <Location /mycustomapp/test1/>
        ProxyPass   http://internal.app1.com:8090/customapp/?tab=DEFAULT
        ProxyPassReverse    http://internal.app1.com:8090/customapp/?tab=DEFAULT
    </Location>
#Option-2
    <Location /mycustomapp/test1/>
        RewriteEngine on
        ProxyPass   http://internal.app1.com:8090/customapp/?tab=DEFAULT
        ProxyPassReverse    http://internal.app1.com:8090/customapp/?tab=DEFAULT
        RewriteRule (.*) http://internal.app1.com:8090/customapp/?tab=DEFAULT [QSA]
    </Location>
#Option-3   
    <Location /customapp/?tab=DEFAULT>
        ProxyPass   http://internal.app1.com:8090/
        ProxyPassReverse    http://internal.app1.com:8090/
    </Location>
</virtualhost>

With Option-1, when user access the URL http://proxy.apache.com:1234/mycustomapp/test1/, it does get the challenge page from openam/policyagent.
After providing the credentials, however, it is being redirected to different page (custom application's end point) where some other query string parameters are appended (e.g. ?cmd=login&errorPg=ckreq&languageCd=ENG) at the end of URL.
i.e. instead of landing on http://internal.app1.com:8090/customapp/?tab=DEFAULT, 
it is landing on http://internal.app1.com:8090/customapp/?cmd=login&errorPg=ckreq&languageCd=ENG
I assume due to the special character (i.e. '?') in the custom application landing page, the request is not correctly redirecting to the final page.

With option-2, though, the user is correctly redirected to the custom application page (i.e. http://internal.app1.com:8090/customapp/?tab=DEFAULT) after successful authentication, however, he is not receiving the headers which are generated by authentication server. Though, i am not sure if the RewriteRule is correct or not in this option.

With Option-3, i am not even landing to the final custom application page. I am not sure if we can use the query string in our Location directive like this.

最终，我正在寻求一些帮助来解决以下问题：   1.成功通过身份验证后，正确登录到自定义应用程序URL页面（即http://internal.app1.com:8090/customapp/?tab=DEFAULT）。   2.将从身份验证服务器收到的所有标头（身份验证，授权和自定义标头）正确传递到应用程序端点。

NOTE: I am able to redirect some other location (say http://proxy.apache.com:1234/testing available on my apache server) to the custom jsp page (e.g. http://internal.app2.com:8080/examples/jsp/header.jsp) available on other server and i can see all the headers passed by openam after successful authentication.

谢谢   迪帕克