Institutions typically use different ways (Shibboleth, LDAP, etc.) to authenticate users. It is difficult to achieve a one-size-fits-all deployment to address all the different authentication in OLE. This bottleneck can be cleared by using a reverse proxy.
...
In our case, the reverse proxy server hosts an Apache HTTP server with modules to implement a proxy (mod_proxy) which would also host the authentication logic. Following successful authentication, the user is passed in the RequestHeader and the request is forwarded to the Tomcat server hosting OLE. Unsuccessful authentication is handled appropriately.
To get this working successfully a few configurations are needed. The significant ones are listed below for reference.
...
If you are experiencing HTTP 501 ("Method Not Implemented") errors, this may be the cause. Check your Apache version and error logs for messages such as "ajp_marshal_into_msgb - No such method PATCH".
Possible Fixes
- Use mod_proxy_http instead of mod_proxy_ajp in your proxy setup.
- Use at least Apache 2.4.4 with mod_proxy_ajp.
- Use mod_jk instead of mod_proxy_ajp.