aacotroneo / laravel-saml2

A Laravel 5 package for Saml2 integration as a SP (service provider) based on the simple OneLogin toolkit
MIT License
567 stars 238 forks

INVALID_RESPONSE : The response was received at http://... instead of https://... #142

Open avecNava opened 6 years ago

avecNava commented 6 years ago

I am seeing this error with remove_mcrypt branch. Any suggestions what went missing?

The response was received at http:/xxx/saml2/acs instead of https://xxx/saml2/acs

array:1 [ 0 => "invalid_response" ]

lvidal1 commented 6 years ago

@avecNava I have this issue too.

lvidal1 commented 6 years ago

I was wondering: if my callback URL is set to https, and the URLs in my metadata are using https, how come the error message claims the request has gone through http?

danmichaelo commented 6 years ago

Do you happen to use a proxy? In that case, make sure to set

'proxyVars' => true,

in saml2settings.php and make sure the server generates the Forwarded headers.

devglrd commented 5 years ago

@lvidal1 Hi, have you fixed this? I have the same errors, and I set proxyVars to true, but nothing changed, still the same errors.

Saml2 error_detail {"error":"The response was received at http://.../saml2/acs instead of https://.../saml2/acs"}

devglrd commented 5 years ago

Thanks, setting proxyVars to true fixed this.

jrbecart commented 3 years ago

'proxyVars' => true, doesn't help if your SP entityId and/or SP assertionConsumerService and/or SP singleLogoutService are empty in your config. My solution https://github.com/aacotroneo/laravel-saml2/issues/213#issuecomment-790875829

sefirosweb commented 3 years ago

Which parameters are "SP entityId and/or SP assertionConsumerService and/or SP singleLogoutService"?

I have the same issue; I'm using Docker with nginx in the background.

Is this correct?

image

diederikdr commented 2 years ago

Configure your web server / proxy to add headers such as: HTTP_X_FORWARDED_PROTO, HTTP_X_FORWARDED_PORT

In config/saml2_settings.php: 'proxyVars' => true,

nagibi commented 1 year ago

@sefirosweb Which parameters are "SP entityId and/or SP assertionConsumerService and/or SP singleLogoutService"?

I have the same issue; I'm using Docker with nginx in the background.

Is this correct?

image

Hi friend, did you manage to solve this problem? I'm trying to find the solution but without success! I am also running the application via nginx inside Docker. I've tried everything but nothing worked! When I run it locally I don't have any problems; now, when I point it to my server with SSH, it always returns all requests as HTTP instead of HTTPS.

nagibi commented 1 year ago

Configure your web server / proxy to add headers such as: HTTP_X_FORWARDED_PROTO, HTTP_X_FORWARDED_PORT

In config/saml2_settings.php: 'proxyVars' => true,

@diederikdr Good evening friend, could you show the NGINX configuration file? I already tested several configurations but without success! Requests keep returning with HTTP instead of HTTPS. I'm running the application via docker with NGINX.

{"error":["invalid_response"],"last_error_reason":"Invalid audience for this Response (expected 'http://sso.ibigan.app/saml2/test/metadata', got 'https://sso.ibigan.app/saml2/test/metadata')"}
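
The check discussed in this thread, as an added example that is not part of the thread, the package, or the OneLogin toolkit's source: a simplified PHP model of how an SP behind a TLS-terminating proxy rebuilds its own URL from server variables and compares it with the response's Destination. The function names, host name and server variables are hypothetical, constructed values.

```php
<?php
// Simplified model (not the toolkit's source) of the Destination check that
// produces "The response was received at http://... instead of https://...".
// All hosts and server variables below are constructed sample values.

// Rebuild the URL this request arrived at, as seen by PHP behind the proxy.
function currentUrl(array $server, bool $proxyVars): string
{
    $https = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off')
        || (($server['SERVER_PORT'] ?? null) == 443);
    // Forwarded headers are honoured only when proxyVars is enabled.
    if ($proxyVars && ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https') {
        $https = true;
    }
    $path = strtok($server['REQUEST_URI'], '?');
    return ($https ? 'https' : 'http') . '://' . $server['HTTP_HOST'] . $path;
}

// Compare the Destination from the SAML response with the rebuilt URL.
function checkDestination(string $destination, array $server, bool $proxyVars): ?string
{
    $received = currentUrl($server, $proxyVars);
    if ($destination !== $received) {
        return "The response was received at $received instead of $destination";
    }
    return null; // destination matches
}

$destination = 'https://sp.example.test/saml2/acs';

// TLS ends at the proxy; PHP sees plain HTTP on port 80.
$noHeader = ['HTTP_HOST' => 'sp.example.test', 'SERVER_PORT' => '80',
             'REQUEST_URI' => '/saml2/acs'];
// Same request, but the proxy also sets X-Forwarded-Proto.
$withHeader = $noHeader + ['HTTP_X_FORWARDED_PROTO' => 'https'];

$cases = [
    'proxyVars off, header sent'   => [$withHeader, false],
    'proxyVars on, header missing' => [$noHeader, true],
    'proxyVars on, header sent'    => [$withHeader, true],
];
foreach ($cases as $label => [$server, $proxyVars]) {
    $error = checkDestination($destination, $server, $proxyVars);
    echo $label . ': ' . ($error ?? 'OK') . PHP_EOL;
}
```

Only the last case passes: both the setting and the header are needed. Because the SP trusts the header once proxyVars is on, the proxy should overwrite any client-supplied X-Forwarded-Proto rather than pass it through.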