SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License
65 stars, 75 forks

Invalid Response - SAML ACS response doesn't work for default Bitnami Wordpress image when Apache runs on TCP/8080 #113

Open dlew56 opened 3 years ago

dlew56 commented 3 years ago

Hi,

The default non-privileged Bitnami Wordpress container has Apache/container run on TCP/8080 (https://github.com/Bitnami/bitnami-docker-wordpress).

When it is configured this way, we reach this SAML error on login attempts after successful auth against our IDP:

```
The response was received at https://test.domain.net:8080/wp-login.php instead of https://test.domain.net/wp-login.php?saml_acs
There was at least one error processing the SAML Response: invalid_response
Contact the administrator
```

Here's part of the SAML response:

```xml
<samlp:Response ID="_68a3d2a1-d014-4720-b08d-d32c86badddf" Version="2.0" IssueInstant="2021-02-16T21:03:40.534Z" Destination="https://test.domain.net/wp-login.php?saml_acs" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="ONELOGIN_35e46bf2427411ed77f96e3f4d6d92aec6c6e466" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
...
USERNAME/NameID>
```

However, if we run the container as **Privileged** (root) and change the Bitnami Dockerfile to:

```
APACHE_HTTPS_PORT_NUMBER="443" \
APACHE_HTTP_PORT_NUMBER="80" \
```

then it works. However, we can't adjust the Apache port numbers while the container is unprivileged, which is best practice. How should we proceed?

Thanks,
David
pitbulk commented 3 years ago

Edit the settings.php, and after

https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/settings.php#L10

add:

```php
use OneLogin\Saml2\Utils;

// Pin the base URL the plugin uses for its own endpoints, so the ACS URL it
// compares against the Response's Destination is the public one, not the
// container's host:port.
Utils::setBaseURL("https://test.domain.net/");
```

I will consider adding this as a new setting in a future release of the plugin.
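As an added example (not code from wordpress-saml or php-saml), the following Python models the Destination check that produces the "response was received at X instead of Y" error in this issue. It uses a constructed CGI-style environment (Apache on 8080 inside the container, a TLS-terminating proxy in front) and a constructed, trimmed Response; the environment values and the X-Forwarded-* headers are assumptions. It shows why the container's port leaks into the URL the SP believes it received the response at, and that pinning the public base URL (what Utils::setBaseURL does) or trusting the proxy's forwarding headers (what php-saml's Utils::setProxyVars enables) makes the check pass, while a Destination for a different host still fails.

```python
"""Model of the SAML Response Destination check behind the
"received at X instead of Y" error.  Added example, not library code."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed SAML Response, trimmed to the attributes the check needs.
RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0" IssueInstant="2021-02-16T21:03:40.534Z" '
    'Destination="https://test.domain.net/wp-login.php?saml_acs" '
    'InResponseTo="ONELOGIN_example"/>'
)

# Constructed environment as Apache in the unprivileged container sees a
# request forwarded by a TLS-terminating proxy (assumed header names).
CONTAINER_ENV = {
    "HTTP_HOST": "test.domain.net:8080",
    "SERVER_PORT": "8080",
    "HTTPS": "on",
    "SCRIPT_NAME": "/wp-login.php",
    "QUERY_STRING": "saml_acs",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_PORT": "443",
}


def self_routed_url_no_query(env, base_url=None, proxy_vars=False):
    """URL (without query) the SP believes the request arrived at.

    base_url:   pinned scheme+host, as Utils::setBaseURL does; the path
                still comes from the request.
    proxy_vars: trust X-Forwarded-Proto/Port instead of the container's
                own port, as Utils::setProxyVars(true) does.
    """
    path = env.get("SCRIPT_NAME", "/")
    if base_url:
        parts = urlsplit(base_url)
        return urlunsplit((parts.scheme, parts.netloc, path, "", ""))

    if proxy_vars and "HTTP_X_FORWARDED_PROTO" in env:
        scheme = env["HTTP_X_FORWARDED_PROTO"]
    else:
        scheme = "https" if env.get("HTTPS") == "on" else "http"
    host = env.get("HTTP_HOST", "").split(":")[0]
    if proxy_vars and "HTTP_X_FORWARDED_PORT" in env:
        port = int(env["HTTP_X_FORWARDED_PORT"])
    else:
        port = int(env.get("SERVER_PORT", "80"))
    default_port = 443 if scheme == "https" else 80
    netloc = host if port == default_port else f"{host}:{port}"
    return urlunsplit((scheme, netloc, path, "", ""))


def check_destination(response_xml, env, **url_opts):
    """Return (ok, message) for the Destination check.

    Destination is optional; when present it must begin with the URL the
    response was received at (the query string need not match), so a
    Response minted for one endpoint cannot be delivered to another.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        return False, "not a samlp:Response"
    destination = root.get("Destination")
    if destination is None:
        return True, "no Destination attribute"
    received_at = self_routed_url_no_query(env, **url_opts)
    if not destination.startswith(received_at):
        return False, (f"The response was received at {received_at} "
                       f"instead of {destination}")
    return True, "Destination matches"


if __name__ == "__main__":
    # Failure as reported: the container's port leaks into the ACS URL.
    print(check_destination(RESPONSE_XML, CONTAINER_ENV))
    # Fix from the thread: pin the public base URL.
    print(check_destination(RESPONSE_XML, CONTAINER_ENV,
                            base_url="https://test.domain.net/"))
    # Alternative when the proxy sets forwarding headers.
    print(check_destination(RESPONSE_XML, CONTAINER_ENV, proxy_vars=True))
```

Pinning the base URL is the simpler fix when the public hostname is fixed. Trusting X-Forwarded-* headers instead only holds if the proxy overwrites any such headers a client sends; otherwise a client can choose the URL the SP validates against.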