SAML_FAKE_HTTPS needs to be configurable without requiring debug mode
pavelnikolov opened this issue
When we run Confidant using Kubernetes we have problems when the SAML_FAKE_HTTPS is set to false. We would like to set it to true without enabling debug mode. Otherwise we get this error:
{
  "errors": [
    "invalid_response"
  ],
  "message": "SAML request failed",
  "reason": "The response was received at http://XXXXX/saml/consume instead of https://XXXXX/saml/consume",
  "request_id": null
}
We only currently support SAML with https, as it's insecure without. Is this for testing purposes?
If you have a reverse proxy in front then X-Forwarded-Proto should solve your problem here. You need to set --forwarded-allow-ips=* for your gunicorn config for this, though; see #50
Did this solve your issue? I really need to close out #50. Pretty frequent issue folks run into.
Yes, that fixes it - please make this the default in your docker image.
In #50 I mentioned that we're recommending setting the FORWARDED_ALLOW_IPS environment var when running the docker image, because it's difficult to modify the setting if we set it by default in the image. We may follow up later and have the docker image run a script as a command where we have a bit more flexibility in how we start the process in docker.
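The scheme mismatch discussed in this thread, as an added example that is not code from Confidant or gunicorn: a simplified model of how the allow list decides whether `X-Forwarded-Proto` is honoured, and so which URL the SAML check sees. The host name and IP addresses are constructed; `effective_scheme`, `received_at` and `destination_matches` are hypothetical helper names.

```python
# Simplified model of the proxy-header trust decision; not gunicorn's or Confidant's code.
SECURE_HEADER = ("x-forwarded-proto", "https")


def effective_scheme(peer_ip, headers, forwarded_allow_ips="127.0.0.1"):
    """Return the scheme the app will believe the request arrived on.

    peer_ip: address of the direct TCP peer (the proxy, or anything else
             that can reach the app port).
    forwarded_allow_ips: comma-separated peers whose X-Forwarded-Proto is
             honoured; "*" honours it from any peer.
    """
    allowed = {ip.strip() for ip in forwarded_allow_ips.split(",") if ip.strip()}
    trusted = "*" in allowed or peer_ip in allowed
    name, value = SECURE_HEADER
    lowered = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if trusted and lowered.get(name) == value:
        return "https"
    return "http"  # TLS ended at the proxy, so the app socket itself is plain HTTP


def received_at(scheme, host, path="/saml/consume"):
    """URL that gets compared against the SAML response's Destination."""
    return f"{scheme}://{host}{path}"


def destination_matches(destination, peer_ip, headers, host, allow_ips):
    return destination == received_at(effective_scheme(peer_ip, headers, allow_ips), host)


# Constructed sample values (hypothetical host and addresses).
HOST = "confidant.example.com"
DESTINATION = f"https://{HOST}/saml/consume"
PROXY_IP = "10.0.0.5"       # ingress / reverse proxy in front of the app
OTHER_POD_IP = "10.0.9.77"  # another peer that can reach the app port
FWD = {"X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    cases = [
        ("allow list 127.0.0.1, proxy peer", PROXY_IP, "127.0.0.1"),
        ("allow list = proxy IP, proxy peer", PROXY_IP, PROXY_IP),
        ("allow list = proxy IP, other peer", OTHER_POD_IP, PROXY_IP),
        ("allow list = *, other peer", OTHER_POD_IP, "*"),
    ]
    for label, peer, allow in cases:
        url = received_at(effective_scheme(peer, FWD, allow), HOST)
        ok = destination_matches(DESTINATION, peer, FWD, HOST, allow)
        print(f"{label:36} -> {url} match={ok}")
```

The first case reproduces the `invalid_response` reason quoted in the issue; the last two show that listing the proxy's address limits which peers can assert `https`, while `*` accepts the header from every peer that can reach the port.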