502 Bad Gateway or SocketTimeoutException when using IG (All versions)

Last updated Apr 24, 2019

The purpose of this article is to provide assistance if you encounter a 502 Bad Gateway response when routing from IG to a custom endpoint, or an endpoint in IDM or AM using a ClientHandler. This response is accompanied by a " null" error.

1 reader recommends this article


An error similar to one of the following is shown in the web application container log (for example, catalina.out for Apache Tomcat™) when the endpoint is called from IG (this may be an intermittent error):

--- (response) id:aa167dcf-461d-513b-a942-9272bad726fb-736 ---

HTTP/1.1 502 Bad Gateway
Context's content :
attributes: "TLSv1.2"

[I/O dispatcher 11] INFO - Elapsed time: 10025 ms 
[I/O dispatcher 11] WARN mo.f.o.f.LogAttachedExceptionFilter - Response [Status: 502 Bad Gateway] to '' carries an exception [txId:aa167dcf-503b-461d-a745-9285bad726fb-735] null    
   at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.timeout(
[http-bio-] ERROR mo.f.o.handler.router.RouterHandler - no handler to dispatch to 
[http-bio-] INFO mo.f.o.d.c.C.c.myClientHandler
--- (response) id:aa167dcf-461d-513b-a942-9272bad726fb-736 ---

HTTP/1.1 502 Bad Gateway 
Context's content : 
attributes: "TLSv1.2"

[I/O dispatcher 12] WARN o.f.openig.handler.ClientHandler - An error occurred while processing the request null 
   at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.timeout( 
[I/O dispatcher 12] INFO o.f.o.d.c.C.c.TlsClientHandler -

Recent Changes



The connection from IG to the backend is timing out before a response has been received by the client application. By default, the timeouts for the IG ClientHandler are set to 10 seconds.


This issue can be resolved by increasing the timeouts (connectionTimeout and soTimeout) for the ClientHandler in the IG route. For example, the configuration in the route would look similar to this with a 30 second timeout:

 "handler": { 
   "name": "myClientHandler", 
   "type": "ClientHandler", 
   "config": {
      "connectionTimeout": "30 seconds", 
      "soTimeout": "30 seconds" 

If you prefer to set these timeouts globally in config.json (located in the $HOME/.openig/config/ directory), you should ensure you define the ClientHandler correctly in the route, for example:

"handler": "myClientHandler",

See Also

Troubleshooting IG/OpenIG

Installing and configuring IG/OpenIG

Gateway Guide › Configuring Routes

Configuration Reference › ClientHandler

Related Training


Related Issue Tracker IDs


Copyright and TrademarksCopyright © 2019 ForgeRock, all rights reserved.