我有一个简单的 HTTPS 到 HTTP 反向代理,使用 Apache HTTPD(CentOS)
我已经为 SAML SSO 启用了 mod_auth_mellon,如果我有一个没有任何虚拟主机的简单 http 代理,它可以正常工作。
当我启用 HTTPS 和虚拟主机时,Mellon 身份验证不起作用。首先,它没有带我进入 Okta 登录页面。
我可以看到,HTTPS -> Http 在没有 SAML SSO 的情况下可以正常工作,但是如果我启用 SAML,它就无法工作。
HTTPD 配置:
<VirtualHost example.test.io:80>
Redirect permanent / https://example.test.io:443
</VirtualHost>
<VirtualHost example.test.io:443>
ServerName example.test.io
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
#ServerAdmin [email protected]
ProxyRequests Off
ProxyPreserveHost On
#RewriteEngine on
#RewriteRule ^/content/([^/]+)/(.*) /repository/$2 [R=301,L]
MellonCacheSize 100
MellonLockFile "/run/mod_auth_mellon/lock"
MellonPostTTL 900
MellonPostSize 1048576
MellonPostCount 100
<Location />
Require valid-user
AuthType "Mellon"
MellonVariable "cookie"
MellonSecureCookie On
MellonCookiePath /
MellonUser "NAME_ID"
MellonProbeDiscoveryTimeout 30
#MellonDiscoveryURL
MellonEnable "auth"
MellonEndpointPath "/sso"
MellonSPPrivateKeyFile /etc/httpd/mellon/https__okta.key
MellonSPCertFile /etc/httpd/mellon/https__okta.cert
MellonSPMetadataFile /etc/httpd/mellon/https__okta.xml
MellonIdPMetadataFile /etc/httpd/mellon/https-idp-metadata.xml
#RequestHeader set Authorization "Basic xxx"
RequestHeader set X-Forwarded-Proto "http"
ProxyPass http://app.com:8081/
ProxyPassReverse http://app.com:8081/
</Location>
ErrorLog /var/log/httpd/app_error.log
CustomLog /var/log/httpd/app_access.log common
</VirtualHost>
我猜想它转到了错误的应用程序 URL 位置,然后抛出 404 错误。
有什么想法吗?