Hey guys,

I think there might be a bug in the way IS 4.6.0 configures its
authentication URLs.

Here's the deal:

I am using a small sample SAML2 SSO app.  When I set up everything on my
own box (IS, App Server, & my own browser) everything works fine.  But,
when I have them on different nodes, then it stops working.  And the reason
it stops working is that when IS is in the middle of the authentication
process, it redirects to a "localhost" URL, rather than the correct
hostname.  The most obvious explanation for this is, localhost is hardcoded
somewhere in the product when it shouldn't be, and nobody's tested this
except when IS has been running on their own box.

In case you're curious, here are all the details.

My page is at
http://ec2-54-86-234-75.compute-1.amazonaws.com:8080/logindemo/index.jsp

When you click on the login link, the target is:
http://ec2-54-86-234-75.compute-1.amazonaws.com:8080/logindemo/samlsso

This redirects you to:
https://ec2-54-86-214-197.compute-1.amazonaws.com:9443/samlsso?SAMLRequest=nVRbb9ow...

This redirects you to:
https://localhost:9443/commonauth?SAMLRequest=nVRbb9...

Note the localhost which has been inserted by the IS.

Ideas?

Jason Catlin
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
