SP behind proxy - ServerName not used
Rainer Hoerbe
rainer at hoerbe.at
Tue Mar 13 18:30:19 EDT 2018
I am deploying an SP configuration to a customer environment, with the notable difference that their proxy is HAproxy as opposed to Nginx in my local testbed. The SP in the customer environment fails with a binding exception when receiving an IDP response, with "POST targeted at (https://.../), but delivered to (http://..:8080/)
IFIAK such an error message is usually caused by missing X-Forwarded headers or an apache misconfiguration, like not having set ServerName properly to the external URL.
However, the vHost configuration is identical in both environments except the different hostname, and the same is true for X-Forwared headers., i.e. X_FORWARDED_HOST, _PORT and _PROTO.
When I analyze the Request Headers, I find following differences:
HTTP_X_FORWARDED_HOST sp.customerdomain
HTTP_X_FORWARDED_PORT 443
HTTP_X_FORWARDED_PROTO https
SERVER_NAME sp.customerdomain
SERVER_PORT 8080
REQUEST_SCHEME http
HTTP_X_FORWARDED_HOST sp7. testdomain
HTTP_X_FORWARDED_PORT 443
HTTP_X_FORWARDED_PROTO https
SERVER_NAME sp7. testdomain
SERVER_PORT 443
REQUEST_SCHEME https
<VirtualHost *:8080>
ServerName https://spcustomerdimain:443
UseCanonicalName On
DocumentRoot /var/www/html/
CustomLog /var/log/httpd/vhost_access.log combined
ErrorLog /var/log/httpd/vhost_error.log
<Location />
AuthType shibboleth
ShibRequestSetting requireSession off
require shibboleth
</Location>
</VirtualHost>
Any idea what is wrong or where to look?
- Rainer Hörbe
Identinetics GmbH
More information about the users
mailing list