indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

iam redirects to dashboard with http rather than https #511

Open jouvin opened 2 years ago

jouvin commented 2 years ago

Hi,

If you remove the http redirection to https in the Nginx configuration and connect to the IAM server using https, the authentication (OIDC, SAML) works, but after the authentication the redirect to the IAM dashboard is done with http rather than https (and thus fails, as the IAM configuration is done for https only).

It is easily worked around by adding the http redirection to https in the Nginx configuration, but it is unexpected.

Michel

norealroots commented 2 years ago

Is this in v1.8.0, and if so, is it due to this (from the GitHub release notes):

IAM_USE_FORWARDED_HEADERS configuration variable has been deprecated due to the Spring update and replaced by IAM_FORWARD_HEADERS_STRATEGY. It can be set to native or none. The same for the Test Client application, where IAM_CLIENT_USE_FORWARDED_HEADERS becomes IAM_CLIENT_FORWARD_HEADERS_STRATEGY

I had a similar issue with SAML auth failing due to the redirection ending up at the http endpoint, rather than https. My issue was addressed here in Slack: https://indigo-iam.slack.com/archives/C0FBL4P9C/p1664884241705189

Full release notes here: https://github.com/indigo-iam/iam/releases/tag/v1.8.0

jouvin commented 2 years ago

No, the problem already existed in 1.7.2. The variable name change has been done. It is really something specific to the redirection to the IAM dashboard after a successful SSO authentication. The problem is masked if you add the Nginx configuration for http, which should normally be useless if there were no flaw in IAM (I mean, if once contacted through http, IAM used https for all internal redirections).

Michel
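The mechanism the thread is circling around (a backend behind a TLS-terminating reverse proxy only sees a plain-http hop, so its post-login Location header comes out as http:// unless it trusts the proxy's X-Forwarded-Proto header, and an http-to-https redirect in Nginx merely hides that), as an added example that is not IAM, Spring or Nginx code. It models the flow with a few small functions; the hostname, paths, the assumption that Nginx passes `Host $host` and `X-Forwarded-Proto $scheme` upstream, and the mapping of the strategy names onto "trust the forwarded scheme" vs. "use the hop's own scheme" are all assumptions made for the illustration:

```python
# Added example (not IAM, Spring or Nginx code): a small model of why a backend
# behind a TLS-terminating reverse proxy emits an http:// Location header unless
# it honours X-Forwarded-Proto, and why an http->https redirect in Nginx only
# masks that. Hostname, paths and proxy headers are constructed for the example.
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


@dataclass
class Request:
    scheme: str                      # scheme of this hop, as the receiver sees it
    host: str                        # Host header of this hop
    path: str
    headers: dict = field(default_factory=dict)


def proxy_to_backend(client: Request) -> Request:
    """TLS termination, Nginx style: the upstream leg is plain http. The client's
    real scheme survives only in X-Forwarded-Proto (assumed to be set via
    `proxy_set_header X-Forwarded-Proto $scheme`), and Host is passed through
    (assumed `proxy_set_header Host $host`)."""
    return Request("http", client.host, client.path,
                   {"X-Forwarded-Proto": client.scheme})


def post_login_location(req: Request, strategy: str, target: str = "/dashboard") -> str:
    """Location header the backend builds for the redirect after a successful login.
    'native': use X-Forwarded-Proto when present (what a forward-headers strategy
              of `native` is assumed to select).
    'none'  : use the scheme of the hop the backend actually received, i.e. the
              proxy's plain-http leg."""
    if strategy == "native":
        scheme = req.headers.get("X-Forwarded-Proto", req.scheme)
    elif strategy == "none":
        scheme = req.scheme
    else:
        raise ValueError(f"unknown forward-headers strategy: {strategy}")
    return urlunsplit((scheme, req.host, target, "", ""))


def browser_follows(location: str, nginx_http_to_https: bool,
                    https_only: bool = True) -> Optional[str]:
    """Where the browser ends up after following `location`.
    nginx_http_to_https: a port-80 server block doing `return 301 https://...`.
    https_only: the application is served on https only (the issue's setup).
    Returns the final URL, or None if the request dead-ends on plain http."""
    parts = urlsplit(location)
    if parts.scheme == "https":
        return location
    if nginx_http_to_https:
        return urlunsplit(("https", parts.netloc, parts.path, parts.query, ""))
    return None if https_only else location


def login_flow(strategy: str, nginx_http_to_https: bool) -> Tuple[str, Optional[str]]:
    """Run one post-login redirect through proxy and backend.
    Returns (Location header the backend sent, URL the browser finally reaches)."""
    client = Request("https", "iam.example.org", "/login")
    location = post_login_location(proxy_to_backend(client), strategy)
    return location, browser_follows(location, nginx_http_to_https)


if __name__ == "__main__":
    for strategy in ("none", "native"):
        for redirect in (False, True):
            loc, final = login_flow(strategy, redirect)
            print(f"strategy={strategy:6} nginx http->https={redirect!s:5} "
                  f"Location={loc}  browser lands on={final}")
```

Two things the model makes visible: with the `none` strategy and no port-80 redirect the browser is sent to `http://iam.example.org/dashboard` and dead-ends, exactly the symptom in the issue, while adding the redirect makes the same wrong Location "work"; and the `native` strategy only helps when the proxy actually sets X-Forwarded-Proto, so both sides of the deployment have to agree.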