Comments (6)
cf-gitbot
commented on June 9, 2024
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/184638265
The labels on this github issue will be updated when the story is started.
from uaa.
strehle
commented on June 9, 2024
Ok, you mentioned you have a " fork, with some modifications, as part of web application"
So do you have adapted the Bean Definition according to
https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html
?
Because then I recommend to you, please open a PR and we check how we can use both variant with and without proxy
from uaa.
angusm43ge
commented on June 9, 2024
I will speak with colleagues who look after the downstream fork, and get back to you on that.
thanks
From: Markus Strehle ***@***.***>
Sent: 10 March 2023 17:01
To: cloudfoundry/uaa ***@***.***>
Cc: Macaulay, Angus J (GE Digital) ***@***.***>; Author ***@***.***>
Subject: EXT: Re: [cloudfoundry/uaa] SAML authentication with UAA, behind a reverse proxy (Issue #2231)
WARNING: This email originated from outside of GE. Please validate the sender's email address before clicking on links or attachments as they may not be safe.
Ok, you mentioned you have a " fork, with some modifications, as part of web application"
So do you have adapted the Bean Definition according to
https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-advanced.html
?
Because then I recommend to you, please open a PR and we check how we can use both variant with and without proxy
—
Reply to this email directly, view it on GitHub <#2231 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AHAJHLN35BNXGJDUL65E3PDW3NM33ANCNFSM6AAAAAAVSKPY7M> .
You are receiving this because you authored the thread. <https://github.com/notifications/beacon/AHAJHLNZPF3JQVJFCFHJBBTW3NM33A5CNFSM6AAAAAAVSKPY7OWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSXIRRJA.gif> Message ID: ***@***.*** ***@***.***> >
from uaa.
strehle
commented on June 9, 2024
Hi,
I have setup uaa also in docker and nginx next to and simulated this. So UAA using SAML relys on uaa.url and entityBaseURL setting, e.g.
https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/resources/integration_test_properties.yml#L59-L61
Set both to your external name auth.saml-example.net define proxy setting and finally ensure that you have enabled / activate the reservation of host header (ProxyPassReverse ), e.g. https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/
Depending on your reverse proxy there should be a setting to do this and then you will get it working - at least in my case it worked then with SAML (azure) and UAA (docker) and NGINX (docker) .
from uaa.
angusm43ge
commented on June 9, 2024
thanks for taking time to look at this in more detail. I had also found it necessary to add proxy_set_header Host ;
I'll go back and retry this early next week.
from uaa.
strehle
commented on June 9, 2024
close this now
from uaa.
Related Issues (20)
- Limit user creation within a zone HOT 2
- No config to turn off "OpenID Connect RP-Initiated Logout" when using an external OIDC provider HOT 1
- Docker container fails to start from version 76.24.0 onwards HOT 11
- Timeout when using the root directory in Active Directory HOT 5
- Inconsistent update behavior for SCIM /Users/{userId} HOT 2
- Bump greenmail dependency HOT 1
- Use of legacy library commons-httpclient:commons-httpclient:3.1 HOT 3
- how do i verify a token HOT 4
- Potential Error in the SCIM Filter Validation of the /ids/Users Endpoint HOT 1
- Performance Issues in SCIM User Lookup of "/ids/Users" Endpoint HOT 1
- LdapSkipCertificateMockMvcTests test failures in local runs, introduced by PR 2711 HOT 2
- Avoid necessity to configure SAML SP in UAA HOT 3
- Support reuse of OIDC identity provider configuration jwtClientAuthentication on a global level HOT 5
- empty client_secret leads to "Missing credentials" error while request POST oauth/token HOT 7
- Either fix missing encryption_keys or remove it HOT 2
- During v76 -> v77 upgrade canary deployment, UAA delete user endpoint returns false error HOT 4
- Flaky test in ScimUserEndpointsMockMvcTests HOT 1
- Generating client credentials token for client in another Identity Zone HOT 4
- Fix performance issue with external identity provider lookup [OIDC] HOT 1
- Fix performance issue with external identity provider lookup [SAML] HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uaa.