[
https://issues.apache.org/jira/browse/NIFI-8218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17282700#comment-17282700
]
ASF subversion and git services commented on NIFI-8218:
-------------------------------------------------------
Commit 1d82fb8e01f3e8d3b25fcd773eaa7add03aad363 in nifi's branch
refs/heads/main from Bryan Bende
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=1d82fb8 ]
NIFI-8218 This closes #4816. Use proxy headers when available when getting
request values while processing SAML responses
Signed-off-by: Joe Witt <[email protected]>
> SAML message intended destination endpoint {} did not match receipient {}
> -------------------------------------------------------------------------
>
> Key: NIFI-8218
> URL: https://issues.apache.org/jira/browse/NIFI-8218
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When behind a proxy, NiFi will respect the X-ProxyHost header and use that
> value to construct the URLs in the SAML request, so that the SAML response
> will be sent back through the proxy.
> When processing the SAML response, there is OpenSAML code that compares the
> "Destination" value in the SAML response which will have the proxy host,
> against the host on the HttpServletRequest which comes from the Host header.
> So if the Host header is different from X-ProxyHost, which it could be, then
> this comparison fails.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
