Open access control for testing

Mathew, Sunil smathew at hbs.edu
Tue Aug 11 17:20:22 UTC 2020


Thanks Peter and Scott.

Here is my problem. I deployed Shibboleth to ECS. But I was getting the following error in IdP logs:

IDP_WARN: 2020-08-10 17:33:37,057 - 10.140.0.162 - ERROR [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200] - Message Handler: SAML message intended destination endpoint 'https://sso.hbsstg.org/idp/profile/SAML2/Redirect/SSO' did not match the recipient endpoint 'http://sso.hbsstg.org/idp/profile/SAML2/Redirect/SSO'

Here is the header and request info:
Here is the info:
 
### Header Information
Header Name - x-forwarded-for, Value - 199.94.1.20
Header Name - x-forwarded-proto, Value - https
Header Name - x-forwarded-port, Value - 443
Header Name - host, Value - sso.hbsstg.org
Header Name - x-amzn-trace-id, Value - Root=1-5f31beb3-355caa1bc523a30f520d2258
Header Name - upgrade-insecure-requests, Value - 1
Header Name - user-agent, Value - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
Header Name - accept, Value - text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Header Name - hbs_person_id, Value - 21001
Header Name - sec-fetch-site, Value - none
Header Name - sec-fetch-mode, Value - navigate
Header Name - sec-fetch-dest, Value - document
Header Name - accept-encoding, Value - gzip, deflate, br
Header Name - accept-language, Value - en-US,en;q=0.9
Header Name - cookie, Value - JSESSIONID=C96BDEE98D4D71E68993B978ECEEDBA9; HBS_YAWETAG=4e6564
 
 
### Request Information
requestURL:http://sso.hbsstg.org/idp/WEB-INF/jsp/status.jsp
requestScheme:http
requestIsSecure:false
requestServerPort:80

We are trying to add a Tomcat valve with protocolHeader="x-forwarded-proto" so that we can get past the error.

Sunil
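
A Tomcat RemoteIpValve configuration of the kind the message describes, as an added example that is not part of the original post or of the Shibboleth project. The internalProxies pattern is an assumed placeholder for the load balancer's subnet and must be replaced with the real one.

```xml
<!-- conf/server.xml, inside <Engine> or <Host>.
     Added example; attribute values other than the two header names
     taken from the message above are assumptions.

     The valve rewrites scheme, secure flag and server port only when
     the connecting peer matches internalProxies (or trustedProxies).
     Keeping that pattern as narrow as the load balancer's own
     addresses prevents an arbitrary client from sending
     "x-forwarded-proto: https" and having it believed.

     With this in place, a request arriving over plain HTTP from the
     load balancer with x-forwarded-proto=https is seen by the IdP as
     https on port 443, so the receiver endpoint compared against the
     SAML Destination uses the https URL. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for"
       protocolHeader="x-forwarded-proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="443"
       internalProxies="10\.140\.0\.\d{1,3}" />
<!-- internalProxies above is a constructed placeholder regex;
     substitute the subnets the load balancer actually connects from. -->
```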