spring-attic / spring-security-saml

SAML extension for the Spring Security project

SAML Extension deployed with load balancer for ssl offloading finally redirects to http url #447

Closed neergupta closed 5 years ago

neergupta commented 5 years ago

I have integrated the SAML extension with a load balancer in the following manner.
The load balancer's public endpoint is https://mylb.com/auth/saml/SSO, which does SSL offloading. The URL of the machine handling the request is http://10.87.1.1/auth/saml/SSO. As per the documentation in https://docs.spring.io/spring-security-saml/docs/1.0.x/reference/htmlsingle/#configuration-load-balancing, I have configured the context provider as below:

<bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
        <property name="scheme" value="https"/>
        <property name="serverName" value="mylb.com"/>
        <property name="serverPort" value="443"/>
        <property name="includeServerPortInRequestURL" value="false"/>
        <property name="contextPath" value="/auth"/>
</bean>

Following is my metadata generator, where I specified the entityBaseURL:

<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
        <property name="entityBaseURL" value="https://mylb.com/auth"/>
</bean>

In the generated metadata, the Location URLs of all ACS endpoints are https://mylb.com/auth/saml/SSO.

Using this configuration, I am able to authenticate with the IdP. The AuthNResponse from the IdP also contains https://mylb.com/auth/saml/SSO in the Destination and Recipient fields.

However, in the end, after getting the response, the SAML extension redirects to the http URL of the load balancer, http://mylb.com/auth/saml/SSO, and not to https.

I am unable to figure out what is going wrong here.

Can anyone help me out in this regard?

Thanks, Neeraj

fhanik commented 5 years ago

https://www.codebyamir.com/blog/configure-tomcat-logging-behind-load-balancer

qwcode commented 4 years ago

@fhanik why is that link the answer to his question?

minaksheej commented 3 years ago

I am also facing the same issue. @neergupta, did you find a solution for this?

seven7ma commented 3 years ago

@fhanik why is that link the answer to his question?

seven7ma commented 3 years ago

Any idea of this?

jzheaux commented 3 years ago

The JavaDoc for SAMLContextProviderLB states:

Overrides request attributes with values of the load-balancer or reverse-proxy in front of the local application. The settings help to provide correct redirect URLs and verify destination URLs during SAML processing.

To me, this sounds like what ForwardedHeaderFilter is for, and I wonder whether a better arrangement would be to introduce the ForwardedHeaderFilter into the filter chain, and then use SAMLContextProvider.
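The arrangement suggested above, written out as an added example (this is not code from the issue thread or from the spring-security-saml project). It assumes a classic web.xml deployment like the XML bean configuration in the question, and that the load balancer sets the standard X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Port headers (or an RFC 7239 Forwarded header) on every request it passes to http://10.87.1.1. The filter names and the securityContext.xml file name are assumptions:

```xml
<!-- web.xml (added example): register ForwardedHeaderFilter BEFORE
     springSecurityFilterChain. Servlet containers apply filters in the order
     of the <filter-mapping> elements, so the SAML filters inside the security
     chain already see request.getScheme() == "https",
     request.getServerName() == "mylb.com" and request.getServerPort() == 443,
     taken from the X-Forwarded-* / Forwarded headers set by the load balancer. -->
<filter>
    <filter-name>forwardedHeaderFilter</filter-name>
    <filter-class>org.springframework.web.filter.ForwardedHeaderFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>forwardedHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ASYNC</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- securityContext.xml (added example): with the headers already applied to
     the request, the plain context provider is enough; the scheme/serverName/
     serverPort overrides of SAMLContextProviderLB are no longer needed, and the
     entityBaseURL of the MetadataGenerator stays https://mylb.com/auth as in
     the question. -->
<bean id="contextProvider"
      class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>
```

One caveat a practitioner should check before relying on this: ForwardedHeaderFilter trusts whatever forwarded headers arrive at the application, so the load balancer must overwrite (not merely append to) any X-Forwarded-* or Forwarded headers supplied by the client, and the Tomcat port 80 should not be reachable except from the load balancer. Otherwise the scheme and host that the SAML filters use for redirect URLs and for Destination/Recipient checks would be under the caller's control. A quick way to verify the setup is to send one request through the load balancer and log request.getScheme(), getServerName() and getServerPort() from a servlet placed after the filter; they should report https, mylb.com and 443 rather than http, 10.87.1.1 and 80.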