I have a simple HTTPS to HTTP reverse proxy using Apache HTTPD (CentOS)
I have enabled mod_auth_mellon for SAML SSO, it works fine if I have a simple http proxy without any virtual host.
When I enable HTTPS & Virtual host, mellon auth is not working. In first place, its not taking me to the Okta login page.
I can see that HTTPS -> Http works fine without SAML SSO, its just not working if I enable SAML.
HTTPD Config:
<VirtualHost example.test.io:80>
Redirect permanent / https://example.test.io:443
</VirtualHost>
<VirtualHost example.test.io:443>
ServerName example.test.io
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#ServerAdmin admin@example.com
ProxyRequests Off
ProxyPreserveHost On
#RewriteEngine on
#RewriteRule ^/content/([^/]+)/(.*) /repository/$2 [R=301,L]
MellonCacheSize 100
MellonLockFile "/run/mod_auth_mellon/lock"
MellonPostTTL 900
MellonPostSize 1048576
MellonPostCount 100
<Location />
Require valid-user
AuthType "Mellon"
MellonVariable "cookie"
MellonSecureCookie On
MellonCookiePath /
MellonUser "NAME_ID"
MellonProbeDiscoveryTimeout 30
#MellonDiscoveryURL
MellonEnable "auth"
MellonEndpointPath "/sso"
MellonSPPrivateKeyFile /etc/httpd/mellon/https__okta.key
MellonSPCertFile /etc/httpd/mellon/https__okta.cert
MellonSPMetadataFile /etc/httpd/mellon/https__okta.xml
MellonIdPMetadataFile /etc/httpd/mellon/https-idp-metadata.xml
#RequestHeader set Authorization "Basic xxx"
RequestHeader set X-Forwarded-Proto "http"
ProxyPass http://app.com:8081/
ProxyPassReverse http://app.com:8081/
</Location>
ErrorLog /var/log/httpd/app_error.log
CustomLog /var/log/httpd/app_access.log common
</VirtualHost>
I guess its going to a wrong app url location, then it throws 404 error.
Thoughts ?
