
  • Error Endpoint mismatch from fronting Tomcat with Apache

    Hi,

    I have a web app running in Tomcat which is behind Apache. I set in the Apache configuration that any requests to "http://xxx.cbu.uib.no/yyy" will be forwarded to "http://test.abcd.uib.no:7070", which is my web app.

    The problem is: when the IDP, using HTTP-POST, sends the response back to the web app, this error is thrown:

    ERROR o.o.c.b.d.BaseSAMLMessageDecoder - SAML message intended destination endpoint 'http://xxx.cbu.uib.no/yyy/saml/SSO/alias/defaultAlias' did not match the recipient endpoint 'http://test.abcd.uib.no:7070//saml/SSO/alias/defaultAlias'

    I think it is because of my setup (Tomcat is behind Apache).

    I would like to ask if anyone has the same setup and how to get rid of this problem?

    Best,
    patch

  • #2
    I am running the same configuration (HTTP to port 9080 on Tomcat) and ran into the same issue.

    To fix the problem, I had to do the following:

    1. On the Apache side, set the directive:
    ProxyPreserveHost On

    2. On the Tomcat side, add the following attributes to your Connector element in server.xml:
    secure="true"
    scheme="https"
    proxyPort="443"
    Last edited by rcc; Apr 22nd, 2013, 10:31 AM.



    • #3
      Hi,

      One solution is described in chapter 4.14 of the manual. You provide an alternative version of the SAMLContextProvider and tell it what the public URL is. This approach should work for all load balancers and reverse proxies.

      Vladi
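
An added example, not part of the thread and not code from Spring Security SAML: a small Python script that parses the decoder error quoted in the first post and reports which URL components differ between the destination the IdP addressed and the endpoint the application derived from the proxied request. The function names are hypothetical; the log line is the one from the post.

```python
import re
from urllib.parse import urlsplit

# Error line copied from the first post in this thread.
LOG_LINE = ("ERROR o.o.c.b.d.BaseSAMLMessageDecoder - SAML message intended "
            "destination endpoint 'http://xxx.cbu.uib.no/yyy/saml/SSO/alias/defaultAlias' "
            "did not match the recipient endpoint "
            "'http://test.abcd.uib.no:7070//saml/SSO/alias/defaultAlias'")

PATTERN = re.compile(r"intended destination endpoint '([^']+)' "
                     r"did not match the recipient endpoint '([^']+)'")
DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into the components the endpoint comparison depends on."""
    u = urlsplit(url)
    port = u.port or DEFAULT_PORTS.get(u.scheme)  # make the implicit port explicit
    return {"scheme": u.scheme, "host": u.hostname, "port": port, "path": u.path}


def diagnose(log_line):
    """Return {component: (destination_value, recipient_value)} for each mismatch."""
    m = PATTERN.search(log_line)
    if m is None:
        raise ValueError("not a destination/recipient mismatch line")
    dest, recp = _parts(m.group(1)), _parts(m.group(2))
    return {k: (dest[k], recp[k]) for k in dest if dest[k] != recp[k]}


def context_prefix(dest_path, recp_path):
    """Leading part of the public path that the backend never sees, or None."""
    tail = "/" + recp_path.lstrip("/")  # normalise the doubled slash in the log
    return dest_path[:-len(tail)] if dest_path.endswith(tail) else None


if __name__ == "__main__":
    diff = diagnose(LOG_LINE)
    for name, (d, r) in diff.items():
        print(f"{name}: IdP addressed {d!r}, application derived {r!r}")
    if "path" in diff:
        print("path prefix removed by the proxy:", context_prefix(*diff["path"]))
```

A host difference is what `ProxyPreserveHost On` addresses, scheme and port differences correspond to the Connector attributes in post #2, and a path prefix is part of the public URL that the approach in post #3 supplies.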
