Liferay as SAML SP fails after switching the URL of the virtual instance

Issue

SAML configuration hasn't been working since the virtual host of the portal instance changed.
Caused by: org.opensaml.ws.security.SecurityPolicyException: Request was required to be secured but was not
at org.opensaml.ws.security.provider.HTTPRule.evaluateSecured(HTTPRule.java:126)
at org.opensaml.ws.security.provider.HTTPRule.doEvaluate(HTTPRule.java:81)
at org.opensaml.ws.security.provider.HTTPRule.evaluate(HTTPRule.java:66)
at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51)
at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132)
at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83)
at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70

Environment

  • Liferay DXP 7.0 with reverse proxy

Resolution

The error "Request was required to be secured but was not" is typically reported when the protocol used on the SAML side differs from the one used on the server side.

You may either clear the SSL Required check box in the Service Provider tab when you configure the new virtual instance, or set RequestHeader set X-Forwarded-Proto "https" at the reverse proxy, so that SSL Required can stay checked and SAML should work as before.
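The reverse-proxy option in context, as an added example that is not part of the original article. It assumes Apache httpd with mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded; the host name, certificate paths and backend address are placeholders.

```apache
# Added example: TLS terminates at the proxy, and the backend is reached over plain HTTP.
# portal.example.com, the certificate paths and 127.0.0.1:8080 are placeholders.

<VirtualHost *:443>
    ServerName portal.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/portal.example.com.crt
    SSLCertificateKeyFile /path/to/portal.example.com.key

    # Pass the public host name through, so the portal sees the virtual
    # instance's host name rather than the backend address.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # "set" replaces any X-Forwarded-Proto value supplied by the client, so
    # the backend only ever sees the value asserted by this proxy.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

<VirtualHost *:80>
    ServerName portal.example.com

    # Plain-HTTP requests are redirected instead of proxied, so no request
    # reaches the portal carrying a forwarded protocol it did not arrive with.
    Redirect permanent / https://portal.example.com/
</VirtualHost>
```

The header only has an effect if the application server behind the proxy is set up to honor it, and the backend port should be reachable from the proxy alone so that the header cannot be supplied directly by a client.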

 
