imsweb / django-saml-sp

A Django application for running one or more SAML service providers (SP)
BSD 3-Clause "New" or "Revised" License

When running in Kubernetes a mismatch occurs between the expected and actual response URL #19

Closed cs4p closed 1 year ago

cs4p commented 2 years ago

Scenario: Django app is running in a Kubernetes cluster. Internally on the container, the app runs at http://app.domain.com:8000. But when accessed externally the app responds on https://app.domain.com/. The mapping is handled by the Kubernetes ingress server.

When trying to authenticate I get the error: "The response was received at http://app.domain.com:8000/sso/acs instead of https://app.domain.com/sso/acs."

In the IDP configuration, the BaseURL is set to https://app.domain.com/. I think I need a way to specify the acs URL separately from the base URL?

dcwatson commented 1 year ago

It's possible I need to make IdP.prepare_request customizable, so you could change how the Django request is handed off to OneLogin_Saml2_Auth by overriding the port. But I'm curious about:

  1. How are you serving the Django app inside the container? gunicorn? uWSGI?
  2. What does your Kubernetes service look like?
  3. Is this still an issue for you, or have you found a way forward?

dcwatson commented 1 year ago

There is a SP_PREPARE_REQUEST Django setting, and an IdP.prepare_request_method field to override the request preparation per-IdP. One of these should allow you to do what you need - although I would probably still look into making Django's get_host and get_port return the right thing for you. There are a number of settings that affect how those are derived.
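
The mismatch reported in this issue, as an added example that is not part of the thread and not django-saml-sp's own code: it builds the request dict that python3-saml documents (`https`, `http_host`, `server_port`, `script_name`, `get_data`, `post_data`) from a WSGI environ, with and without the ingress's `X-Forwarded-*` headers. The function names, the simplified URL reconstruction and the sample environ are assumptions made for illustration; in Django itself the corresponding settings are `SECURE_PROXY_SSL_HEADER`, `USE_X_FORWARDED_HOST` and `USE_X_FORWARDED_PORT`.

```python
# Added illustration; build_saml_request and received_url are hypothetical helpers,
# not functions from django-saml-sp, Django or python3-saml.


def build_saml_request(meta, path, trust_forwarded=False):
    """Build a python3-saml style request dict from a WSGI environ dict."""
    scheme = meta.get("wsgi.url_scheme", "http")
    host = meta.get("HTTP_HOST", meta["SERVER_NAME"])
    port = meta["SERVER_PORT"]
    if trust_forwarded:
        # Only safe when the ingress overwrites these headers on every request.
        # If a client can set them, the client chooses the URL the SP believes
        # it was reached at, which weakens the Destination check.
        scheme = meta.get("HTTP_X_FORWARDED_PROTO", scheme).split(",")[0].strip()
        host = meta.get("HTTP_X_FORWARDED_HOST", host).split(",")[0].strip()
        port = meta.get("HTTP_X_FORWARDED_PORT", port)
    return {
        "https": "on" if scheme == "https" else "off",
        "http_host": host,
        "server_port": str(port),
        "script_name": path,
        "get_data": {},
        "post_data": {},
    }


def received_url(req):
    """Simplified reconstruction of the URL compared with the expected ACS URL."""
    scheme = "https" if req["https"] == "on" else "http"
    host = req["http_host"]
    default_port = "443" if scheme == "https" else "80"
    if ":" not in host and req["server_port"] != default_port:
        host = f"{host}:{req['server_port']}"
    return f"{scheme}://{host}{req['script_name']}"


# Constructed environ: what the app container sees behind a TLS-terminating ingress.
META = {
    "wsgi.url_scheme": "http",
    "SERVER_NAME": "app.domain.com",
    "SERVER_PORT": "8000",
    "HTTP_HOST": "app.domain.com",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_PORT": "443",
}

if __name__ == "__main__":
    print(received_url(build_saml_request(META, "/sso/acs")))
    print(received_url(build_saml_request(META, "/sso/acs", trust_forwarded=True)))
```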