I am upgrading my Grails4 application to Grails5 and am trying to upgrade the grails-spring-security-saml plugin from version 4.0.2 to version 5.0.0-RC3.
I am using Okta as my identity provider, and if my app is http, I can successfully authenticate. If my app is https (behind a reverse proxy), the Okta response is denied because the audience, etc., doesn't match (http vs. https).
I believe I got this working on the earlier (4.0.2) version by replacing

    contextProvider(SAMLContextProviderImpl)

with

    contextProvider(SAMLContextProviderLB) {
        scheme = conf.saml.scheme
        serverName = conf.saml.serverName
        serverPort = conf.saml.serverPort
        contextPath = conf.saml.contextPath
        includeServerPortInRequestURL = conf.saml.includeServerPortInRequestURL
    }

I am unsure of what needs to be done for this version.
I solved this by doing two things: