SAML Assertion Consumer Service URL has http instead of https

[intelligentops]

Hey,

I have a clean Zulip setup with enabled SAMLAuthBackend behind a reverse proxy. I've configured SOCIAL_AUTH_SAML_ENABLED_IDPS section in settings.py and added x509cert from IdP. After that I can see server’s metadata at https://zulip.example.com/saml/metadata.xml but next Location has http scheme

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://zulip.example.com/complete/saml/" index="1"/>

that cause my browser to show warning during the SAML assertion exchange.

Could you please help find the place where I can change the scheme? Thanks!

[eriktews]

Are you using Nginx? When so, you need to add a line line:

proxy_set_header X-Forwarded-Proto $scheme;

[eriktews]

I also added this to the docs here:

https://github.com/zulip/zulip/pull/19442

[timabbott]

That does sound correct, thanks for the fix!