
Sorry, this problem has many variables so I might not be isolating the problem correctly.

Our website/application is using HTTPS under the Play 2.1.2 framework behind Okta. Okta uses SAML to authenticate. Our Java files for all of our pages (in the Java code) have @RequiresAuthentication(clientName = Saml2Client) so the user is forced to log in with their Active Directory login on Okta to access our site.

We used SAMLTracer on Firefox to determine that the webpage seems to be authenticating with Okta through SAML correctly. The problem we're running into is when using HTTPS, we're getting a 404 error for the main page. The log says:

[ERROR] - from application in play-akka.actor.default-dispatcher-9  oops! page not found: uri = /

As an experiment, we used HTTP instead of HTTPS and we don't get that error and our page loads up fine. The routes file is the same so it doesn't make sense that HTTPS doesn't work but HTTP does with the same routes file. The Okta configs are identical for both HTTP and HTTPS, sans the URL (for HTTPS we used https:// and port 8443 instead of http:// and port 8080). What else might be causing this problem?

Classified
  • I suspect that the issue would be related to HTTPS, since you are able to get SAML working with HTTP but not HTTPS. When you have Play hosting from HTTPS, are you able to browse the site normally? Do you have more debugging logs that you could share that might help shed more light on the problem? – Joël Franusic Feb 08 '17 at 22:00
  • @JoëlFranusic, thx for replying. Apparently while debugging, I changed the setting and forgot to change it back, which gave me this error. I'm getting a different error now so I'll be closing or deleting this post and opening a new one with my new problem. – Classified Feb 09 '17 at 00:34
  • I'm curious, which setting did you forget to change back? – Joël Franusic Feb 09 '17 at 17:02
  • @JoëlFranusic In my Okta view, under SAML Settings, I can set the Default Relay State, which in our case is login?client_name=Saml2Client. Also for the SSO URL, Recipient URL, Destination URL and Audience Restriction URL, they have this value appended at the end. With blind trial and error, I removed this string from the URLs and from the Default Relay State. That seemed to get me a step closer but after I realized it was removed and added it, I got a different error. We can take this into a chat rm so I can hopefully show you more of what I mean if you're still curious. – Classified Feb 09 '17 at 19:50

0 Answers