Web Login Service - Message Security Error
Peter Schober
peter.schober at univie.ac.at
Mon Feb 17 07:57:02 EST 2020
* liquid89 <p.nem at pnem.at> [2020-02-17 09:47]:
> The Client goes to
> https://portal.test.de --> https://portal.test.de /idp/shibboleth...but the
> internal redirect doesn't work and that's why the Error:
> 'https://portal.test.de/idp/profile/SAML2/Redirect/SSO' did not match the
> recipient endpoint 'http://servername:8443/idp/profile/SAML2/Redirect/SSO'

That's not a problem of a redirect not working -- which would manifest
itself in your web browser internally rendering an error message,
along the lines of not being able to connect to the server -- it's an
error message from the IDP application that the endpoint details from
the SAML don't match what it thinks is its own configuration:

The endpoint details are using http (not https), a different host name
(AFAICT, from your obfuscation attempts) and a different port (8443,
not 443). But something virtualises all those things and makes your
server available at https://portal.test.de/, no?

Tomcat's http connector allows you to virtualise the scheme (http) and
also the server name and port, cf.
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support
so if there's some kind of proxy or TLS offloading involved that's
what you'd need to configure.

If there is no other system/server involved then I'd need to know how
exactly you've configured Tomcat to be able to be accessed at
https://portal.test.de/

-peter
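
The mismatch discussed above, as an added example that is not part of the original message or of the IdP's code: a simplified Python model of how a servlet container derives its own URL from the Tomcat connector attributes `scheme`, `proxyName` and `proxyPort`, and which URL components then differ from the endpoint in the SAML message. The function names and the `Host` header value `servername:8443` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def container_url(connector, host_header, path):
    """URL the container reports for a request (simplified model, assumption).

    scheme, proxyName and proxyPort are the Tomcat HTTP connector attributes
    from the Proxy Support documentation. When they are unset, the scheme is
    http and host and port are taken from the Host header that was received.
    """
    scheme = connector.get("scheme", "http")
    host, _, port = host_header.partition(":")
    host = connector.get("proxyName", host)
    port = int(connector.get("proxyPort", port or DEFAULT_PORTS[scheme]))
    netloc = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


def endpoint_mismatch(destination, recipient):
    """Return the URL components in which the two endpoints differ."""
    d, r = urlsplit(destination), urlsplit(recipient)
    parts = {
        "scheme": (d.scheme, r.scheme),
        "host": (d.hostname, r.hostname),
        "port": (d.port or DEFAULT_PORTS.get(d.scheme),
                 r.port or DEFAULT_PORTS.get(r.scheme)),
        "path": (d.path, r.path),
    }
    return {name: pair for name, pair in parts.items() if pair[0] != pair[1]}


# Constructed inputs based on the error message quoted in the thread.
PATH = "/idp/profile/SAML2/Redirect/SSO"
DESTINATION = "https://portal.test.de" + PATH
BACKEND_HOST = "servername:8443"  # assumed Host header seen behind the proxy

# Connector without proxy support vs. one describing the public endpoint.
PLAIN = {"port": "8443"}
PROXIED = {"port": "8443", "scheme": "https", "secure": "true",
           "proxyName": "portal.test.de", "proxyPort": "443"}

if __name__ == "__main__":
    for label, conn in (("plain", PLAIN), ("proxied", PROXIED)):
        own = container_url(conn, BACKEND_HOST, PATH)
        print(label, own, endpoint_mismatch(DESTINATION, own))
```
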