
SAML endpoints problem when projeqtor located behind a reverse proxy

14 Dec 2021 21:31 #1 by vanrar68
When SAML authentication is enabled, Projeqtor tries to automatically generate the SAML SP entityid and SAML endpoint URLs based on values from the $_SERVER array (getBaseUrl() in model/persitence/SqlElement.php).
Currently this function doesn't check the standard variables set by common reverse proxies (e.g. X_FORWARDED_PROTO). When the reverse proxy is doing SSL termination (HTTPS between the browser and the reverse proxy, HTTP between the reverse proxy and the Projeqtor server), which is often the case for cloud/Kubernetes deployments, Projeqtor generates SAML endpoint URLs with an http prefix instead of an https prefix. This behaviour generates browser warnings because of the security context switch.

The following solves the problem (in getBaseUrl() in model/persitence/SqlElement.php):
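// 'on' when HTTPS is set, or when the reverse proxy reports https in X-Forwarded-Proto
$https=(isset($_SERVER['HTTPS']) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'))?'on':'off';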

Maybe a configuration setting is better suited

Regards

16 Dec 2021 11:35 #2 by babynus
Hi,

Thanks for pointing out the issue.
Your proposal is weird and won't work on our Dev environments.
We added the possibility to define a parameter:
if (Parameter::getGlobalParameter('paramHttps')!='') $https=Parameter::getGlobalParameter('paramHttps');
So you just have to add this in your parameters.php file:
$paramHttps='on';
The fix will be deployed in V9.4.0

Babynus
Administrator of ProjeQtOr web site

19 Jan 2022 20:51 #3 by vanrar68
Works great on 9.4.2, thanks
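
The two approaches discussed in this thread (reading the proxy's forwarded-protocol header, and the explicit paramHttps override) can be combined, shown here as an added example that is not ProjeQtOr's own code. The function names, the trusted-proxy list and the sample requests are assumptions; the forwarded header is honoured only when the direct peer is a listed proxy, because any client can send that header.

```php
<?php
// Added example, not ProjeQtOr code. resolveHttps(), samlBaseUrl() and
// $trustedProxies are hypothetical names; the sample requests are constructed.

/**
 * Returns 'on' or 'off', the same values $https takes in the thread.
 * Order: explicit override, PHP's own HTTPS flag, then X-Forwarded-Proto,
 * accepted only when REMOTE_ADDR is a known reverse proxy.
 */
function resolveHttps(array $server, string $paramHttps = '', array $trustedProxies = []): string
{
    // 1. An administrator-set value always wins (the paramHttps approach).
    if ($paramHttps !== '') {
        return $paramHttps === 'on' ? 'on' : 'off';
    }
    // 2. TLS terminated on this server: PHP sets HTTPS (some servers set it to "off").
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return 'on';
    }
    // 3. TLS terminated upstream: trust the header only from listed proxies.
    $peer  = $server['REMOTE_ADDR'] ?? '';
    $chain = explode(',', $server['HTTP_X_FORWARDED_PROTO'] ?? '');
    $proto = strtolower(trim($chain[0]));
    if ($proto === 'https' && in_array($peer, $trustedProxies, true)) {
        return 'on';
    }
    return 'off';
}

/** Base URL used for the SP entity ID and SAML endpoints. */
function samlBaseUrl(array $server, string $paramHttps = '', array $trustedProxies = []): string
{
    $scheme = resolveHttps($server, $paramHttps, $trustedProxies) === 'on' ? 'https' : 'http';
    return $scheme . '://' . ($server['SERVER_NAME'] ?? 'localhost');
}

// Constructed sample requests (addresses and host name are placeholders).
$proxies     = ['10.0.0.5'];
$viaProxy    = ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_PROTO' => 'https', 'SERVER_NAME' => 'pm.example.org'];
$notViaProxy = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https', 'SERVER_NAME' => 'pm.example.org'];
$plain       = ['REMOTE_ADDR' => '10.0.0.5',    'SERVER_NAME' => 'pm.example.org'];

echo samlBaseUrl($viaProxy, '', $proxies), PHP_EOL;    // header accepted from the listed proxy
echo samlBaseUrl($notViaProxy, '', $proxies), PHP_EOL; // header ignored, peer is not a listed proxy
echo samlBaseUrl($plain, 'on', $proxies), PHP_EOL;     // explicit override, no header needed
```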
