You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Bryan Bende (Jira)" <ji...@apache.org> on 2021/02/10 18:34:00 UTC

[jira] [Updated] (NIFI-8218) SAML message intended destination endpoint {} did not match receipient {}

     [ https://issues.apache.org/jira/browse/NIFI-8218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Bende updated NIFI-8218:
------------------------------
    Status: Patch Available  (was: Open)

> SAML message intended destination endpoint {} did not match receipient {}
> -------------------------------------------------------------------------
>
>                 Key: NIFI-8218
>                 URL: https://issues.apache.org/jira/browse/NIFI-8218
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Bryan Bende
>            Assignee: Bryan Bende
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When behind a proxy, NiFi will respect the X-ProxyHost header and use that value to construct the URLs in the SAML request, so that the SAML response will be sent back through the proxy.
> When processing the SAML response, there is OpenSAML code that compares the "Destination" value in the SAML response which will have the proxy host, against the host on the HttpServletRequest which comes from the Host header.
> So if the Host header is different from X-ProxyHost, which it could be, then this comparison fails.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)