Forums

I am experiencing an issue with Chrome only.  A partner is using an IFRAME to hit our SSO endpoint.  When this happens, the IFRAME's content becomes:

<form method="post" action="https://qa-courseplayer.educatored.com/plplogin/samlacs">
 <input type="hidden" name="SAMLResponse" value="[Valid Data Is Here]">
 <input type="hidden" name="RelayState" value="https://qa-courseplayer.educatored.com/plplogin/CourseRedirect?courseId=114740">
 <input type="submit" value="Submit">
</form>
NOTE: I have removed the SAML Response Value, but it is a valid response.
Then, chrome generates the following error:
send?sp=KDS-QA&SAMLRequest=[Valid Request Data]=https%3A%2F%2Fqa-courseplayer.educatored.com%2Fplplogin%2FCourseRedirect%3FcourseId%3D114740:1 Mixed Content: The page at 'https://test.pepperpd.com/courses/PCGEducation/KDS1002/S2019/courseware/5b1cad121de741da9c4d38c442cfd76c/5d4b95a661d04e98ae9c340e05b89596/' was loaded over HTTPS, but requested an insecure form action 'http://qa-courseplayer.educatored.com/PlpLogin/Login?ReturnUrl=%2Fplplogin%2FCourseRedirect%3FcourseId%3D114740'. This request has been blocked; the content must be served over HTTPS.

I cannot figure out where the unsecured version of the login request is coming from.  To be sure, it is not in the code-base as I've searched it, and I do not see it in the host application's code when I inspect the code that I can see.

Any suggestions are welcomed.

Thanks!
CWM

I'm not sure. I suggest using Chrome browser developer tools (F12) to capture the network traffic to see what's happening. Let me know what you find.

Regards
ComponentSpace Development