Bryan Bende created NIFI-8218:
---------------------------------
Summary: SAML message intended destination endpoint {} did not
match receipient {}
Key: NIFI-8218
URL: https://issues.apache.org/jira/browse/NIFI-8218
Project: Apache NiFi
Issue Type: Bug
Reporter: Bryan Bende
Assignee: Bryan Bende
When behind a proxy, NiFi will respect the X-ProxyHost header and use that
value to construct the URLs in the SAML request, so that the SAML response will
be sent back through the proxy.
When processing the SAML response, there is OpenSAML code that compares the
"Destination" value in the SAML response which will have the proxy host,
against the host on the HttpServletRequest which comes from the Host header.
So if the Host header is different from X-ProxyHost, which it could be, then
this comparison fails.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
