The response was received at http://{GLPI}/marketplace/glpisaml/front/acs.php instead of https://{GLPI}/marketplace/glpisaml/front/acs.php

DonutsNL / glpisaml

I moved to: https://codeberg.org/QuinQuies This plugin is a full rewrite of Derrick Smith's initial SAML plugin for GLPI10+. Its redesigned to be compatible with GLPI10+, PSR, Composer, Support multiple saml idp's, user right rules and more.

https://discord.gg/yKZB7VQUk6

GNU General Public License v3.0

10 stars 0 forks source link

The response was received at http://{GLPI}/marketplace/glpisaml/front/acs.php instead of https://{GLPI}/marketplace/glpisaml/front/acs.php #19

Open G0dzilla9 opened 3 months ago

G0dzilla9 commented 3 months ago

Hello, I am using your glpisaml plugin to make an SSO connection with my Azure AD to log in my GLPI site. I am facing this issue "The response was received at http://{GLPI}/marketplace/glpisaml/front/acs.php instead of https://{GLPI}/marketplace/glpisaml/front/acs.php" (see capture) 2024-06-19 14_22_18-Clipboard . I don't know where I can find the redirection. Cause my GLPI is in https and is behind a reverse proxy. I'm sure it's not the Azure AD config, I think it is an issue with the php file : acs.php, but I have no idea how to resolve it.

Do you have any ideas ?

Thanks,

DonutsNL commented 3 months ago

This usually indicates that the response was proxied to the glpi webserver where the proxy connection to the webserver is not secured. This can only be fixed by securing the connection between the proxy and the backend. Alternatively (not adviced!) is to disable strict mode after which it will work but leaves your installation vulnerable. Rgdrs

G0dzilla9 commented 3 months ago

Thanks for the reply ! Indeed when i disabled the stric mode it worked. But i will try to put my glpi in https and then talk with my proxy in 443 instead of 80. I will come back to update.

jlucgauthier commented 2 months ago

I don't know if you tried this, but you can use strict mode when REQUESTS PROXIED (in Transit) is enabled. It worked for us.

G0dzilla9 commented 1 month ago

Ok, i tried but it doesn't work either. Could u give me both configurations on GLPI and ur Azure application ? thanks in advance !

G0dzilla9 commented 1 month ago

Thanks for the reply ! Indeed when i disabled the stric mode it worked. But i will try to put my glpi in https and then talk with my proxy in 443 instead of 80. I will come back to update.

Update : I did change this and now my glpi talk with my opnsense in 443 but it still doesn't work...

G0dzilla9 commented 1 month ago

Update and solved the issue : I only needed to add this line RequestHeader set X-Forwarded-Proto "https" to redirect in my file "glpi.conf" (on my glpi server) + activate the option "REQUESTS PROXIED" on the plugin (like said by @jlucgauthier).

Thanks !