Hello,
I’ve set up tutor 11.2.5 behind a load balancer that handles SSL termination, and so I’m running tutor with caddy disabled and SSL/TLS set to NO during tutor local quickstart.
And so tutor is running behind my loadbalancer in http mode, as it should.
After configuring SAML on the running instance and clicking the SSO login button, my IdP throws the below error:
The reply URL specified in the request does not match the reply URLs configured for the application
This seems to be due to the fact that tutor is running in http mode, and so the SAML response going from tutor to my IdP has the AssertionConsumerServiceURL in http as opposed to https.
See logs from lms when I turn SAML debug mode on (AssertionConsumerServiceURL should be https and not http):
lms_1 | 2021-04-08 08:58:26,513 INFO 6 [common.djangoapps.third_party_auth.saml] [user None] [ip 172.19.0.12] saml.py:179 - SAML login request for IdP default. Data: <QueryDict: {'auth_entry': ['login'], 'next': ['/'], 'idp': ['default']}>. Next url /. XML is:
(snip)
lms_1 | AssertionConsumerServiceURL="http://courses.mydomain.com/auth/complete/tpa-saml/">
(snip)
lms_1 | <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
lms_1 | </samlp:RequestedAuthnContext>
lms_1 | </samlp:AuthnRequest>
Is there any workaround to set tutor's base URL to https rather than http?
Thanks in advance!
Ryo
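
An added example, not part of the original post and not Tutor or Open edX code: a Python check that decodes the AuthnRequest from a captured SAML login redirect and compares its AssertionConsumerServiceURL with the reply URL registered at the IdP. It assumes the request travels over the SAML HTTP-Redirect binding; the IdP endpoint `https://idp.example.com/sso`, the registered https reply URL and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_redirect_request(redirect_url):
    """Return the AuthnRequest XML carried in a SAML HTTP-Redirect URL."""
    query = parse_qs(urlsplit(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    # The HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")

def acs_url(authn_request_xml):
    """Extract AssertionConsumerServiceURL from your own SP's AuthnRequest."""
    # For XML from an untrusted party, use a hardened parser instead.
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AssertionConsumerServiceURL")

def compare_reply_url(sent, registered):
    """Classify how the ACS URL sent by the SP differs from the registered one."""
    if sent == registered:
        return "match"
    s, r = urlsplit(sent), urlsplit(registered)
    same_rest = (s.netloc, s.path, s.query) == (r.netloc, r.path, r.query)
    if same_rest and s.scheme != r.scheme:
        return "scheme mismatch: sent %s, registered %s" % (s.scheme, r.scheme)
    return "mismatch: sent %s, registered %s" % (sent, registered)

def encode_redirect_request(xml, sso_url):
    """Build constructed sample input: raw deflate, base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    param = base64.b64encode(deflated).decode("ascii")
    return sso_url + "?" + urlencode({"SAMLRequest": param})

# Constructed sample: minimal request with the ACS URL shown in the log above.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" AssertionConsumerServiceURL='
    '"http://courses.mydomain.com/auth/complete/tpa-saml/"/>'
)
SAMPLE_REDIRECT = encode_redirect_request(SAMPLE_XML, "https://idp.example.com/sso")
REGISTERED = "https://courses.mydomain.com/auth/complete/tpa-saml/"  # assumed

if __name__ == "__main__":
    sent = acs_url(decode_redirect_request(SAMPLE_REDIRECT))
    print(compare_reply_url(sent, REGISTERED))
```

To use it on a real deployment, pass the full redirect URL the browser is sent to when the SSO button is clicked in place of `SAMPLE_REDIRECT`.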