[midPoint] midPoint and load balancer with SSL offloading

Ned Morgan Ned.Morgan at uncc.edu
Wed Mar 4 19:19:01 CET 2020


I am currently using v4.0.1, which explains why it didn't work for me when
I had tried setting publicHttpUrlPattern before. We implemented a redirect
from HTTP to HTTPS on our load balancer to work around the issue until we
update to 4.1.

Thanks for the helpful information!



On Wed, Mar 4, 2020 at 12:55 PM Martin <martin.de at myself.com> wrote:

> Hello there,
>
>
> yes we configured midpoint to run behind traefik (loadbalancer for
> docker). This feature was actually recently implemented into midpoint 4.1
> (-SNAPSHOT) per our request.
>
>
> You need to set the following in System Configuration.
>
> <infrastructure>
>     <publicHttpUrlPattern>https://$host/midpoint</publicHttpUrlPattern>
> </infrastructure>
>
>
> Changing any settings for embedded tomcat is not required. (And did also
> not work for us to achieve SSL offloading)
>
>
> This solution will work for midpoint 4.1 and above.
>
>
> In addition to that and prior to 4.1 we force a redirection from HTTP ->
> HTTPS on the loadbalancer. This causes some additional redirects and causes
> security issues when authentication headers and passwords are involved but
> at least it works. (
> https://docs.traefik.io/v1.4/user-guide/examples/#http-redirect-on-https)
>
>
> Best regards
>
> Martin
>
>
>
> On 04.03.2020 at 16:24, Keith Hazelton wrote:
>
> On behalf of Ned Morgan:
>
> Has anyone tackled configuring midPoint to work behind a load balancer
> with SSL offloading configured? I am attempting to do so and keep running
> into an issue where midPoint keeps redirecting the client to URLs over
> HTTP. I have tried various combinations of settings for the embedded tomcat
> to accept forwarded headers, but haven't had much luck.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
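
Added example (not part of the original thread, and not midPoint or Traefik code): an offline check for the symptom discussed above, where a backend behind a TLS-offloading load balancer answers an HTTPS request with a redirect to an http:// URL, and for the cleartext hops that the HTTP -> HTTPS workaround leaves in the chain. The host name and the redirect chain are constructed sample data; find_downgrades and cleartext_hops are hypothetical helper names.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: (requested URL, status code, Location header) for each hop
# a client makes while following redirects through the load balancer.
SAMPLE_CHAIN = [
    ("https://idm.example.org/midpoint/", 302, "http://idm.example.org/midpoint/login"),
    ("http://idm.example.org/midpoint/login", 301, "https://idm.example.org/midpoint/login"),
    ("https://idm.example.org/midpoint/login", 200, None),
]


def find_downgrades(chain):
    """Return (request URL, redirect target) pairs where an HTTPS request
    is redirected to a plain-HTTP URL."""
    findings = []
    for url, status, location in chain:
        if location is None or not 300 <= status < 400:
            continue
        # Location may be relative; resolve it against the request URL so a
        # relative redirect inherits the request's scheme and is not flagged.
        target = urljoin(url, location)
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            findings.append((url, target))
    return findings


def cleartext_hops(chain):
    """Return every URL in the chain that the client requested over plain HTTP.
    Headers, cookies or form data sent on these hops are not protected by TLS."""
    return [url for url, _status, _location in chain
            if urlsplit(url).scheme == "http"]


if __name__ == "__main__":
    for src, dst in find_downgrades(SAMPLE_CHAIN):
        print(f"downgrade: {src} -> {dst}")
    for url in cleartext_hops(SAMPLE_CHAIN):
        print(f"cleartext request: {url}")
```

With the public URL pattern from the quoted configuration in effect, the expectation is that both functions return empty lists for the recorded chain.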