Relative AssertionConsumerServiceUrl redirects always to http instead of https


monacense
Hi guys,
I'm implementing a ServiceProvider-initiated SSO for one of our applications (using SAML v2.0 for .Net4, Version 2.6.0.13).
Unfortunately, even if I access our web application using https, the expanded absolute AssertionConsumerServiceUrl is always a plain http URL, which obviously results in redirection to that insecure URL.
Are there any means to ensure that during expansion of the AssertionConsumerServiceUrl https is preferred over http, if both bindings are configured in the application server?

The interesting part of my saml.config looks like this:
<ServiceProvider Name="https://appstest.domain.com/OurProject/"
        ...
       AssertionConsumerServiceUrl="~/LoginSAML.aspx"/>


I would be very grateful for any kind of advice.

Many thanks in advance
Best regards

Florian

ComponentSpace
Hi Florian
We use System.Web.VirtualPathUtility.ToAbsolute to expand the "~" to an absolute URL based off the URL of the HTTP request being processed (i.e. HttpContext.Current.Request).
Is it possible that the URL for the current request is HTTP rather than HTTPS?
This might occur if you're behind a load balancer etc that terminates the HTTPS session.
If that's the case, you need to specify an absolute URL for the AssertionConsumerServiceUrl rather than a relative URL. 



Regards
ComponentSpace Development
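
The failure mode described in this answer, as an added C# illustration that is not part of the thread and is not ComponentSpace's code. `ExpandAcsUrl` is a hypothetical model of request-relative expansion; the backend request URL and the absolute https URL are constructed from the `Name` value in the original post.

```csharp
using System;

// Added illustration: models request-relative expansion of a "~/" URL.
// ExpandAcsUrl and its parameters are hypothetical, not ComponentSpace APIs.
static class AcsUrlDemo
{
    // "~/" is resolved against the scheme, host and application path of the
    // request as the web server sees it; an absolute URL is used unchanged.
    static Uri ExpandAcsUrl(string configured, Uri requestSeenByServer, string appPath)
    {
        if (configured.StartsWith("~/", StringComparison.Ordinal))
        {
            string root = requestSeenByServer.GetLeftPart(UriPartial.Authority);
            string path = appPath.TrimEnd('/') + "/" + configured.Substring(2);
            return new Uri(root + path);
        }
        return new Uri(configured, UriKind.Absolute);
    }

    // Guard for a startup or health check: the ACS endpoint receives SAML
    // responses, so its effective URL should never be plain http.
    static bool IsHttps(Uri acs)
    {
        return string.Equals(acs.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal);
    }

    static void Main()
    {
        // Constructed sample: the browser uses https, but the load balancer
        // terminates TLS and forwards plain http to the web server.
        var backendRequest = new Uri("http://appstest.domain.com/OurProject/Default.aspx");
        const string appPath = "/OurProject";

        string[] configs =
        {
            "~/LoginSAML.aspx",                                       // relative, from the post
            "https://appstest.domain.com/OurProject/LoginSAML.aspx",  // assumed absolute form
        };

        foreach (string configured in configs)
        {
            Uri acs = ExpandAcsUrl(configured, backendRequest, appPath);
            Console.WriteLine("{0} -> {1} (https: {2})", configured, acs, IsHttps(acs));
        }
    }
}
```

The relative setting inherits the backend request's http scheme, while the absolute setting is independent of how the request reached the server.
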
monacense
ComponentSpace - 11/30/2018
Hi Florian
We use System.Web.VirtualPathUtility.ToAbsolute to expand the "~" to an absolute URL based off the URL of the HTTP request being processed (i.e. HttpContext.Current.Request).
Is it possible that the URL for the current request is HTTP rather than HTTPS?
This might occur if you're behind a load balancer etc that terminates the HTTPS session.
If that's the case, you need to specify an absolute URL for the AssertionConsumerServiceUrl rather than a relative URL. 


Hi guys,

thanks a lot for your detailed answer. You were right, the load balancer offloaded the TLS and therefore we have to use absolute URLs.

Best regards

Florian
ComponentSpace
You're welcome.

Regards
ComponentSpace Development
lsiddiquee
@ComponentSpace: Apologies for bumping this old thread. However, is it an option to use the "X-Forwarded-For" header when expanding the URL?
ComponentSpace
We don't access that header. I'm not sure if this would help as this is the IP address of the client. What the original poster was asking about is expanding the URL on the server side.

Regards
ComponentSpace Development
lsiddiquee
ComponentSpace - 8/9/2019
We don't access that header. I'm not sure if this would help as this is the IP address of the client. What the original poster was asking about is expanding the URL on the server side.

My apologies, indeed you are right, that header contains the client's IP address, not the server's address to the load-balancer.
ComponentSpace
No worries.

Regards
ComponentSpace Development