Expand my Community achievements bar.

SOLVED

SSO redirects to http page(instead of https) post login

Avatar

Level 4

Hi All,

We are facing a challenge of redirecting to https page post successful saml authentication.

Here is the flow :

1. IDP does successful authentication and redirects to https url  containing (/saml_login).

2. Then the user is redirected to the landing page but this happens on http and not HTTPs.

We tried configuring SSL filter on our publisher but of no use.

Kindly help us.

1 Accepted Solution

Avatar

Correct answer by
Level 2

If the dispatcher log headers, with the correct value, match your SSL Filter & you get http redirect. I recommend an Adobe DayCare ticket at this point

View solution in original post

5 Replies

Avatar

Level 2

I've been working on something similar.

I suspect your SSL is terminating further upstream & your publisher request is incoming as http. Thus, your redirect is sent to http.

Avatar

Level 4

Yeah but how to resolve it .... SSLFilter packaged with AEM does not seem to work. It never gets invoked. It has an awkward pattern to which it is registered.

".*"

While other filters are registered with "/.*"

Also I noticed that the filter does not come with a service while other filters have service.

Kindly help.

Avatar

Level 2

Check your dispatcher.log file to ensure the headers are being passed through. I had to update my CDN to pass through a custom header. I setup X-Forward-Proto = https

Once I setup that header, it was showing in dispatcher logs.

You should see this log line:

[Thu Nov 16 11:03:45 2017] [D] [pid 42613] Adding request header: X-Forwarded-Proto

Once this was present, the SSL Filter config picked it up & redirected me back to https

Avatar

Level 4

Hi,

Filter is configured successfully

I can see headers also present in the logs

but still I redirect to http.

Avatar

Correct answer by
Level 2

If the dispatcher log headers, with the correct value, match your SSL Filter & you get http redirect. I recommend an Adobe DayCare ticket at this point