1 Reply Latest reply on Jul 17, 2013 4:15 PM by chadbrogan

Picketlink SP redirects to http:// instead of https://

chadbrogan Jul 16, 2013 6:21 PM

I have picketlink 2.1.6 running on Tomcat 7.0.40. We are using ADFSv2 as an IDP. Everything works fine until the service provider redirects back to the originally requested URL. Instead of redirecting to https://blah.com it returns http://blah.com.

We have a similar setup (same picketlink.xml and ADFS configuration) on another server and everything appears to works fine. Why would picketlink redirect to http instead of https? Here is our picketlink.xml:

<?xml version="1.0" encoding="UTF-8"?>

<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"

BindingType="REDIRECT"

IDPUserPostBinding="true"

SupportsSignatures="true">

<IdentityURL>https://sso.blah.com/</IdentityURL>

<ServiceURL>https://app.blah.com/</ServiceURL>

<Trust>

</Trust>

</KeyProvider>

</PicketLinkSP>

</Handler>

</Handlers>

</PicketLink>

1. Re: Picketlink SP redirects to http:// instead of https://

chadbrogan Jul 17, 2013 4:15 PM (in response to chadbrogan)

I'm sure the vagueness and lack of details of my question contributed to the overwhelming response I received

I finally resolved the issue when I realized it was not picketlink, but tomcat that was misconfigured. When you put your tomcat instances behind a load balancer and terminate SSL at the load balancer, tomcat is unable to determine the original request protocol. Thus, tomcat will redirect the original url using http instead of https. Amazon's load balancers forward the protocol to tomcat. You just have to tell tomcat to listen for the right http header. This post was helpful:

http://stackoverflow.com/questions/5741210/handling-x-forwarded-proto-in-java-apache-tomcat
Actions