Tags: grails, saml-2.0, grails-plugin, spring-saml

How to configure grails-spring-security-saml plugin version 5.0.0-RC3 for https applications


I am upgrading my Grails 4 application to Grails 5 and am trying to upgrade the grails-spring-security-saml plugin from version 4.0.2 to version 5.0.0-RC3.

I am using Okta as my identity provider and if my app is http, I can successfully authenticate. If my app is https (behind a reverse proxy), the Okta response is denied because the audience, etc., doesn't match (http vs https).

I believe I got this working on the earlier (4.0.2) version by replacing

contextProvider(SAMLContextProviderImpl)

with

contextProvider(SAMLContextProviderLB) {
    scheme = conf.saml.scheme
    serverName = conf.saml.serverName
    serverPort = conf.saml.serverPort
    contextPath = conf.saml.contextPath
    includeServerPortInRequestURL = conf.saml.includeServerPortInRequestURL
}

I am unsure of what needs to be done for this version.


Solution

I solved this by doing two things:

1. Added the following to application.groovy: server.forwardHeadersStrategy = "framework"
2. In my tomcat/server.xml file, I added the following to the Connector port configuration: scheme="https"
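
The http vs https mismatch from the question, modelled in Python as an added example (not code from the post, the plugin or Spring): the service provider rebuilds its own URL from the backend request and compares it with the Destination the identity provider used. The host, path, addresses and the trusted-proxy check are constructed assumptions for illustration.

```python
# Added illustration: hosts, paths and addresses are constructed samples.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass
class Request:
    scheme: str        # scheme seen on the proxy-to-app hop
    host: str          # from the Host header
    port: int
    path: str
    remote_addr: str   # peer that opened the connection to the app
    headers: dict = field(default_factory=dict)

def effective_url(req, trusted_proxies=()):
    """URL the service provider believes the browser used to reach it."""
    scheme, host, port = req.scheme, req.host, req.port
    peer = ip_address(req.remote_addr)
    # Only a known proxy may override scheme/host/port; assumes it overwrites
    # (not appends to) any X-Forwarded-* values sent by the client.
    if any(peer in ip_network(net) for net in trusted_proxies):
        fwd = {k.lower(): v.strip() for k, v in req.headers.items()}
        proto = fwd.get("x-forwarded-proto", "").lower()
        if proto in DEFAULT_PORTS:
            scheme = proto
            port = int(fwd.get("x-forwarded-port", DEFAULT_PORTS[proto]))
        host = fwd.get("x-forwarded-host", host)
    netloc = host if DEFAULT_PORTS.get(scheme) == port else f"{host}:{port}"
    return f"{scheme}://{netloc}{req.path}"

def destination_matches(destination, req, trusted_proxies=()):
    """Compare a SAML response's Destination with the SP's own view of its URL."""
    want, got = urlsplit(destination), urlsplit(effective_url(req, trusted_proxies))
    return (want.scheme, want.netloc, want.path) == (got.scheme, got.netloc, got.path)

# Constructed sample: the IdP was told the ACS lives at an https URL.
DEST = "https://app.example.com/saml/acs"
PROXY_NET = ("10.0.0.0/24",)
VIA_PROXY = Request("http", "app.example.com", 80, "/saml/acs", "10.0.0.5",
                    {"X-Forwarded-Proto": "https"})
DIRECT = Request("http", "app.example.com", 80, "/saml/acs", "203.0.113.7",
                 {"X-Forwarded-Proto": "https"})

if __name__ == "__main__":
    print(destination_matches(DEST, VIA_PROXY))             # headers ignored
    print(destination_matches(DEST, VIA_PROXY, PROXY_NET))  # proxy trusted
    print(effective_url(DIRECT, PROXY_NET))                 # spoof ignored
```

When forwarded headers are honoured, the application should be reachable only through the reverse proxy, since a client that connects directly can send the same headers.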