docker-zulip
docker-zulip copied to clipboard
SAML Assertion Consumer Service URL has http instead of https
Hey,
I have a clean Zulip setup with enabled SAMLAuthBackend behind a reverse proxy. I've configured SOCIAL_AUTH_SAML_ENABLED_IDPS section in settings.py and added x509cert from IdP. After that I can see server’s metadata at https://zulip.example.com/saml/metadata.xml but next Location has http scheme
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://zulip.example.com/complete/saml/" index="1"/>
that cause my browser to show warning during the SAML assertion exchange.
Could you please help find the place where I can change the scheme? Thanks!
Are you using Nginx? When so, you need to add a line line:
proxy_set_header X-Forwarded-Proto $scheme;
I also added this to the docs here:
https://github.com/zulip/zulip/pull/19442
That does sound correct, thanks for the fix!