Closed Oliboy50 closed 4 years ago
Did you check the ACS URL in your IdP? How do you provide information about your SP to your IdP? Is it entered manually or do you use metadata.xml?
it looks like the issue wasn't directly related to lightSAML
it seems that lightSAML leverages Symfony\Component\HttpFoundation\Request::isSecure() method to check if the login_path URL should be generated using http or https protocol
so one of the possible solutions is to define the following environment variable: HTTPS=on (which is understood by the "isSecure" method)
sorry for the noise 🙏
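How the isSecure() check mentioned in the comment above responds to different server variables, as an added example that is not part of the original thread or of lightSAML's code. It assumes symfony/http-foundation 3.3 or later installed through Composer; the host, the addresses, the helper name schemeFor and the trusted-proxy cases (which go beyond the HTTPS variable discussed in the thread) are constructed for illustration.

```php
<?php
// Added diagnostic sketch, not lightSAML code.
// Assumption: symfony/http-foundation >= 3.3 is available through Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

/**
 * Hypothetical helper: build a Request from a $_SERVER-like array and report
 * what isSecure() and getScheme() return for it.
 */
function schemeFor(array $server, array $trustedProxies)
{
    // Trusted proxies are static state on Request, so set them on every call.
    // Only the X-Forwarded-Proto header is trusted here.
    Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_PROTO);

    // HTTP_* keys in the server array become request headers.
    $request = new Request([], [], [], [], [], $server + ['HTTP_HOST' => 'example.com']);

    return [$request->isSecure(), $request->getScheme()];
}

// Constructed sample inputs: 203.0.113.7 stands for a direct client,
// 10.0.0.5 for a TLS-terminating proxy in front of PHP.
$direct  = ['REMOTE_ADDR' => '203.0.113.7'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'];

$cases = [
    'no HTTPS variable'                  => [$direct, []],
    'HTTPS=on'                           => [$direct + ['HTTPS' => 'on'], []],
    'HTTPS=off'                          => [$direct + ['HTTPS' => 'off'], []],
    'X-Forwarded-Proto, proxy untrusted' => [$proxied, []],
    'X-Forwarded-Proto, proxy trusted'   => [$proxied, ['10.0.0.5']],
];

foreach ($cases as $label => $case) {
    list($server, $trusted) = $case;
    list($secure, $scheme) = schemeFor($server, $trusted);
    printf("%-36s isSecure=%-5s scheme=%s\n", $label, var_export($secure, true), $scheme);
}
```

Substituting the real $_SERVER values seen by the application for the sample arrays shows which input isSecure() is actually reading. The forwarded header is only honoured when REMOTE_ADDR matches a configured trusted proxy, so the trusted list should contain only the proxy's own addresses.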
@Oliboy50 hi, did you actually resolve this issue?
@drjnet I don't remember but, after reading my previous comment, it seems that I fixed my issue using the HTTPS environment variable (i.e. HTTPS=on)
@Oliboy50 Thanks we're doing that in nginx conf e.g. fastcgi_param HTTPS on; but still no joy. This is 'one of those' issues, thanks for the reply we'll keep hacking at it.
👋 we're running a (complex and huge) Symfony3.4 based website which requires "lightsaml/sp-bundle": "1.2.0"
this website runs over HTTPS which is a hard requirement for us, we even have an automatic redirection to HTTPS when we try to make an HTTP request
(not sure if this information is useful, but we use Okta as our identity provider)
the problem is that during authentication process we see the following HTTP requests:
as you can see in these request logs (seen while using the SAML Tracer browser extension and trying to access a secured_url of our website), we have 2 requests (GET http://example.com/saml/login and GET http://example.com/secured_url) which are made against HTTP instead of HTTPS... Is it a known issue or is it something that we should fix on our side? (I've already tried too many things, I couldn't fix it myself)
Here is our relevant configuration:
🙏