Maximo

 View Only

 Exposing MAS9 Mobile App to the Internet - Reverse Proxy issues

Justin Cenedese's profile image
Justin Cenedese posted Thu May 29, 2025 02:17 PM

Hello - we are currently setting up a net new MAS 9 installation and are running into struggles with exposing Manage/MAS through a reverse proxy. We are new to Maximo and MAS 9 as an org.

Our current technology standard is Azure Application Proxy (mostly for SSO and PreAuth reasons) but we are running into struggles with the configuration, specifically around the structure of URLs that MAS requires.

The biggest struggle has been to get the Navigator https://home.<workspace_id>.<mas_domain> and Manage https://<workspace_id>.manage.<mas_domain> URLs to work with the other application URLs such as https://admin.<mas_domain>, https://api.<mas_domain>, etc.

Right now the proxy piece seems to be breaking on rewriting the domains and MAS doing its own internal redirects. We can get to the login page and log in, but portlets do not load and the API URL does not fetch the correct URL either.

Has anyone attempted to proxy this application using Azure App Proxy, or can share some tips around this proposed deployment pattern? 

Thank you!

Jason VenHuizen's profile image
Jason VenHuizen IBM Champion posted Fri May 30, 2025 11:32 AM

I wrote a post on reverse proxy-ing MAS with nginx which you may find helpful.  

https://www.sharptree.io/blog/2023/2023-01-24-mas-reverse-proxy/

If you have other questions feel free to reach out.  

Diego Visentin's profile image
Diego Visentin posted Wed February 04, 2026 04:58 PM

Hi Justin,
did you find a solution to the problem? If so, I'd appreciate it if you could share the solution.

I'm trying out the solution that  @Jason VenHuizen shared a while ago.
I can log in and access the "Suite Navigator" page. However, when I try to access Manage via the left menu bar (e.g., to navigate to the Start Center page), I receive the following error message:
CWOAU0073E: An authentication error occurred. Try closing the web browser and authenticating again, or contact the site administrator if the problem persists.
The Manage pod log reports this:
[ERROR   ] CWWKS1520E: A request to [https://tws.manage.[internal-domain]/oidcclient/redirect/oidc] is not valid. A required cookie with a name that begins with WASReqURLOidc is missing. 
The host name that is used to access the client might not match the name that is registered at the provider. A response code of 500 is returned.
Has anyone used that configuration with MAS v9.1? Are there any changes that need to be made?

Related Content