•  
      request #8973 Bad OpenID url generated with reverse proxy
    Infos
    #8973
    Manuel Vacelet (vaceletm)
    2016-03-22 16:34
    2016-03-21 17:05
    9076
    Details
    Bad OpenID url generated with reverse proxy

    On my.enalean.com we are behind a reverse proxy and that block the OpenID authentication.

    Generated URL seems wrong:

    https://github.com/login/oauth/authorize?client_id=....&redirect_uri=https%3A%2F%2F%2Fplugins%2Fopenidconnectclient%2F&response_type...
    Authentication & LDAP
    development
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Acknowledged
    Empty
    Attachments
    Empty
    References
    References list is empty

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2016-03-22 16:34
    Even if the actual server is not directly accessible with HTTPS the instance is, through the reverse proxy. After all, your current sys_default_domain parameter value does not indicate explicitly the server running Tuleap but the domain from which your Tuleap instance can be accessed. It should be the same thing for sys_https_host.

    I do not see a drawback to have the sys_https_host parameter set. Without it we have probable issues in the webdav plugin, Git plugin (mailing hook) and some checks in URLVerification.class.php seems wrong.
    User avatar
    The actual server is running in http (not S), ssl is terminated by the RP. Hence empty sys_https_host
    User avatar
    Thomas Gerbet (tgerbet)2016-03-22 00:54
    It looks like your sys_https_host parameter is empty. Is there a reason for that in this context?

    • Status changed from New to Acknowledged