Announcement Announcement Module
No announcement yet.
Oauth signature calculation when used with LB SSL offloading Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Oauth signature calculation when used with LB SSL offloading

    My application sits behind a load balancer which does SSL offloading.

    Therefore, the client application hits which goes to the load balancer, terminates the SSL and proxies the request to the actual server This ends up failing the signature check because the schema has changed.

    Is there a way in oauth to handle this scenario? Doing some googling I have come across a non-standard HTTP header X-Forwarded-Proto which can be set to the forwarded protocol. Is it valid to use this as the schema when calculating the signature as opposed to what is returned from getRequestURL (in the Java world)?


  • #2
    Hi, I'm facing the same issue.

    Did you manage to fix this?


    • #3
      I think you may need to inject an OAuthProviderSupport into your <provider support-ref=".."/>. There you can customize the URL calculation, either by providing a fixed baseUrl, or by implementing your own logic based on a custom header. Is that it?


      • #4
        i'm trying to do it this way:

        but after having added my ChannelDecisionManagerPostProcessor it starts complaining that my securityContextRepository is null

        ps: i'm working on sparklr2 example.


        • #5
          That's a different problem (OP was about OAuth 1.0 signature calculations, yours is about OAuth2). Why not start a new thread?


          • #6
            sorry about that