lightSAML / SpBundle

SAML2 SP Symfony Bundle based on LightSAML
https://www.lightsaml.com/SP-Bundle/
MIT License

Absolute URL behind load balancer #23

Closed lorrainehipolito closed 8 years ago

lorrainehipolito commented 8 years ago

Our application is behind a load balancer and runs on port 80. The SSL certificate is on the load balancer, which runs on port 443. When we generate the metadata, the ACS URL is http. We needed https. If we force the ACS URL in ADFS to https, we encounter the issue shown below in fig. 1.

fig1

We found that there is some setting related to absolute URL. Please see fig 2.

fig2

We tried to set the router scheme to https as mentioned here http://symfony.com/doc/2.7/cookbook/console/request_context.html#configuring-the-request-context-globally but it is not working.

We need your help on this matter.

Thank you.

INSEAD-asim commented 8 years ago

We can use scheme at route configuration as mentioned in http://symfony.com/doc/2.7/cookbook/routing/scheme.html. So it should be like:

```yaml
lightsaml_sp.login_check:
    path: /login_check
    schemes:  [https]
```

lorrainehipolito commented 8 years ago

I tried, but it didn't work. What I did was copy the lightsaml_sp.login_check route to my application routes and add schemes; then I encountered the error below.

http

lorrainehipolito commented 8 years ago

I changed the path based on my application configuration and now it is working fine. Thank you @INSEAD-asim. Closing this ticket now.

tmilos commented 8 years ago

If you do it that way, per single route definition, your other routes will still be invalid. How do you generate HTML links in your app's Twig templates? Do they work?

I think it's up to you to configure Symfony to trust the proxy (load balancer), and up to the proxy to set the proper headers. Check these: http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html and https://github.com/symfony/symfony/issues/3500

The URL you provided, @lorrainehipolito, is for the console, and it says web requests override it with actual values from the web request.

acframe commented 5 years ago

> I changed the path based on my application configuration and now it is working fine. Thank you @INSEAD-asim. Closing this ticket now.

Apologies for commenting on a closed issue and after such a long time, but could I ask what changes you made to your application configuration which allowed for this to work? I am encountering this exact error when trying to authenticate via an Azure Load Balancer.

Many thanks.

INSEAD-asim commented 5 years ago

@acframe, can you confirm which Symfony version you are using? There are some changes in Symfony 3 regarding applications behind a load balancer. Please have a look at https://symfony.com/doc/3.4/deployment/proxies.html
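
The trusted-proxy setup that tmilos and the Symfony 3.4 proxies page point to, as an added example that is not code from this thread or from the SpBundle project. It assumes symfony/http-foundation 3.4 installed via Composer (`HEADER_X_FORWARDED_ALL` is the constant that release line provides); the load balancer address 10.0.0.5, the client address 203.0.113.7, the host sp.example.test and the function name `baseUrlSeenByApp` are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes symfony/http-foundation 3.4
// installed via Composer. All IPs and the host name are constructed.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

// Trust only the load balancer's internal address (assumed 10.0.0.5).
// Trusting every sender would let any client forge X-Forwarded-* headers
// and so influence the scheme and host of generated absolute URLs.
Request::setTrustedProxies(['10.0.0.5'], Request::HEADER_X_FORWARDED_ALL);

/**
 * Build the plain-HTTP request the application receives on port 80 and
 * return the base URL Symfony derives from it. Absolute URLs, such as the
 * ACS URL in the generated metadata, start from this value.
 * (Hypothetical helper, named for this example only.)
 */
function baseUrlSeenByApp($remoteAddr, $forwardedProto = null)
{
    $server = ['REMOTE_ADDR' => $remoteAddr];
    if (null !== $forwardedProto) {
        // What a TLS-terminating load balancer is expected to add.
        $server['HTTP_X_FORWARDED_PROTO'] = $forwardedProto;
    }

    $request = Request::create(
        'http://sp.example.test/saml/login_check', // constructed URL
        'POST',
        [], [], [],
        $server
    );

    return $request->getSchemeAndHttpHost();
}

// Constructed cases: who connected to port 80, and which header they sent.
$cases = [
    'via load balancer, X-Forwarded-Proto: https' => ['10.0.0.5', 'https'],
    'via load balancer, header missing'           => ['10.0.0.5', null],
    'direct client, X-Forwarded-Proto: https'     => ['203.0.113.7', 'https'],
];

foreach ($cases as $label => $case) {
    printf("%-46s => %s\n", $label, baseUrlSeenByApp($case[0], $case[1]));
}
```

Only the first case produces an https base URL: the header is honoured when it arrives from the trusted address and ignored when a client outside the trusted list sends it. In an application the `setTrustedProxies` call belongs in the front controller before the request is handled, and the load balancer must actually send `X-Forwarded-Proto`.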