Issue Summary
I have a Keycloak server running at https://myhost.co.uk/auth and a Redash server at https://redash.myhost.co.uk. The services sit behind an nginx reverse proxy, which handles all the SSL.
Previously I’ve set up a dev server with SAML authentication between the two services without HTTPS and could successfully log in (following these extremely useful steps: [saml] Signature missing for assertion · Issue #2977 · getredash/redash · GitHub).
Now for my production server I need to enforce HTTPS. When I go to log in, the auth request made by Redash looks like this:
<ns0:AuthnRequest
xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
AssertionConsumerServiceURL="http://redash.myhost.co.uk/saml/callback?org_slug=default"
Destination="https://myhost.co.uk/auth/realms/master/protocol/saml"
ID="id-someId"
IssueInstant="2022-01-06T17:23:06Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">redash</ns1:Issuer>
<ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
</ns0:AuthnRequest>
This results in Keycloak displaying invalid_redirect_uri and I’m unable to log in.
This makes sense: Keycloak should only be able to redirect to https://redash.myhost.co.uk/saml/callback?org_slug=default but the AssertionConsumerServiceURL above is http://redash.myhost.co.uk/saml/callback?org_slug=default.
Is there a way to tell Redash to send https in the authentication request?
Technical details:
- Redash Version: 8.0.0+b32245 (a16f551e)
- Browser/OS: Google Chrome Version 96.0.4664.110 (Official Build) (64-bit)/Ubuntu 20.04
- How did you install Redash: Docker-compose
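
The mismatch described in the post can be checked mechanically. The following is an added example, not part of the original post and not Redash or Keycloak code: it decodes a captured SAMLRequest value and compares its AssertionConsumerServiceURL with the redirect URIs registered at the IdP. The function names, the embedded sample request and the exact-match comparison are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample mirroring the request in the post (same ACS URL and Destination).
SAMPLE_AUTHN_REQUEST = (
    '<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" '
    'AssertionConsumerServiceURL="http://redash.myhost.co.uk/saml/callback?org_slug=default" '
    'Destination="https://myhost.co.uk/auth/realms/master/protocol/saml" '
    'ID="id-someId" Version="2.0"/>'
)
# Assumed IdP client setting: the single redirect URI the post says should be valid.
ALLOWED_REDIRECT_URIS = {"https://redash.myhost.co.uk/saml/callback?org_slug=default"}

def encode_redirect_binding(xml_text):
    """Raw DEFLATE then base64, as the HTTP-Redirect binding carries SAMLRequest."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()

def decode_saml_request(value):
    """Decode a SAMLRequest value: plain base64 (POST) or deflated (Redirect)."""
    raw = base64.b64decode(value)
    if raw.lstrip().startswith(b"<"):       # POST binding: XML is only base64-encoded
        return raw.decode()
    return zlib.decompress(raw, -15).decode()  # Redirect binding: raw DEFLATE stream

def check_acs_url(xml_text, allowed_redirect_uris):
    """Return (acs_url, problems) for an AuthnRequest document."""
    if "<!DOCTYPE" in xml_text:             # refuse DTDs before handing input to the parser
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    acs = root.get("AssertionConsumerServiceURL", "")
    problems = []
    if urlsplit(acs).scheme != "https":
        problems.append("ACS URL is not https")
    # Exact string match is a simplification; an IdP may also accept wildcard patterns.
    if acs not in allowed_redirect_uris:
        problems.append("ACS URL is not among the IdP client's redirect URIs")
    return acs, problems

if __name__ == "__main__":
    captured = encode_redirect_binding(SAMPLE_AUTHN_REQUEST)
    print(check_acs_url(decode_saml_request(captured), ALLOWED_REDIRECT_URIS))
```
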