Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-4165

agent will not translate http to https in agent/cdsso-oauth2 redirect in SSL offloading case on nginx

    XMLWordPrintable

    Details

      Description

      Description

      Nginx agent will not translate http to https in SSL offload scenario.

      Reproductions steps

      1. set apache running on port 443 as SSL offloading proxy to port 80
      2. start nginx agent on port 80
      3. start AM on port 8080 (and set policy to allow access to all authenticated users to everywhere)
      4. create agent on AM to be at HTTPS https://agent.localtest.me:443/ (pointing to apache doing SSL offloading)
      5. enable "Override Request URL Protocol" and "Override Request URL Port" in agent configuration
      6. do a request to agent protected application in https with browser network manager turned on
      7. login to AM as demo user
      8. look at last two requests in browser network manager and we can see there is redirect from https to http in page agent/cdsso-oauth2 which will not work in production scenario, because user has access only to https and no http.

      Used Apache2 configuration

      $ cat /etc/apache2/sites-enabled/ssl-offloading.conf 
      <IfModule mod_ssl.c>
        <VirtualHost agent.localtest.me:443>
          ServerName agent.localtest.me
          
          SSLEngine on
          SSLProxyEngine On
          SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
          SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
         
          ProxyPass / http://agent.localtest.me:80/
          ProxyPassReverse / http://agent.localtest.me:80/
      
        </VirtualHost>
      </IfModule>
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mareks.malnacs Mareks Malnacs
              Reporter:
              lubomir.mlich Ľubomír Mlích
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: