I have a keycloak server running at https://myhost.co.uk/auth and a redash server at https://redash.myhost.co.uk. The services sit behind an nginx reverse proxy, which handles all the ssl.
Previously I’ve set up a dev server with SAML authentication between the two services without https and could successfully log in (Following these extremely useful steps: [saml] Signature missing for assertion · Issue #2977 · getredash/redash · GitHub).
Now for my production server I need to enforce https. When I go to log in, the auth request made by redash looks like this:

```xml
<ns0:AuthnRequest
    xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
    AssertionConsumerServiceURL="http://redash.myhost.co.uk/saml/callback?org_slug=default"
    Destination="https://myhost.co.uk/auth/realms/master/protocol/saml"
    ID="id-someId"
    IssueInstant="2022-01-06T17:23:06Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">redash</ns1:Issuer>
  <ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
</ns0:AuthnRequest>
```
This results in keycloak displaying `invalid_redirect_uri` and I’m unable to log in.
This makes sense: Keycloak should only be able to redirect to https://redash.myhost.co.uk/saml/callback?org_slug=default but the `AssertionConsumerServiceURL` above is http://redash.myhost.co.uk/saml/callback?org_slug=default
Is there a way to tell redash to send https in the authentication request?
- Redash Version: 8.0.0+b32245 (a16f551e)
- Browser/OS: google chrome Version 96.0.4664.110 (Official Build) (64-bit)/Ubuntu 20.04
- How did you install Redash: Docker-compose
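
The mismatch described in the post can be checked mechanically. The following is an added example, not part of the original post or of Redash: it decodes a `SAMLRequest` value (assuming it was captured from an HTTP-Redirect binding URL and already URL-decoded) and reports which component of the `AssertionConsumerServiceURL` differs from the URL registered at the IdP. The function names and the exact-match comparison are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# The AuthnRequest from the post, shortened to the attributes that matter here.
SAMPLE = (
    f'<ns0:AuthnRequest xmlns:ns0="{SAMLP}" '
    'AssertionConsumerServiceURL="http://redash.myhost.co.uk/saml/callback?org_slug=default" '
    'Destination="https://myhost.co.uk/auth/realms/master/protocol/saml" '
    'ID="id-someId" Version="2.0"/>'
).encode()

def encode_redirect_binding(xml: bytes) -> str:
    """Build a constructed SAMLRequest value: raw DEFLATE, then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

def decode_redirect_binding(saml_request: str) -> bytes:
    """Reverse the HTTP-Redirect binding encoding (after URL-decoding)."""
    return zlib.decompress(base64.b64decode(saml_request), wbits=-15)

def acs_mismatch(authn_request: bytes, registered_acs: str) -> list[str]:
    """List the URL components where the request's ACS URL differs from
    the one registered at the IdP (exact match is an assumption here)."""
    root = ET.fromstring(authn_request)  # input is your own SP's request
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        raise ValueError("request carries no AssertionConsumerServiceURL")
    sent, want = urlsplit(acs), urlsplit(registered_acs)
    return [
        f"{part}: sent {getattr(sent, part)!r}, registered {getattr(want, part)!r}"
        for part in ("scheme", "netloc", "path", "query")
        if getattr(sent, part) != getattr(want, part)
    ]

if __name__ == "__main__":
    captured = encode_redirect_binding(SAMPLE)  # stands in for a browser capture
    xml = decode_redirect_binding(captured)
    for line in acs_mismatch(xml, "https://redash.myhost.co.uk/saml/callback?org_slug=default"):
        print(line)
```

For the request in the post, the only component reported is the scheme, which confirms that host, path and query already match what the IdP expects.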