We're updating the issue view to help you get more done. 

HttpsRequestWrapper wrongly sets the new URL

Steps to reproduce

Steps to reproduce:

1. Run Opencast without HTTPS
2. Configure a HTTP proxy to use HTTPS and set the "X-Forwarded-SSL" header to "on". Configure Opencast to uses the proxy URL.
3. Configure LTI and try to authenticate

Actual Results:

An error is returned:

HTTP ERROR 401
Problem accessing /lti. Reason:
Invalid signature for signature method HMAC-SHA1

The problem is that the SignatureBaseString of OAuth still contains "http" instead of "https" and thus validation fails. This is a result of a bug in `modules/matterhorn-kernel/src/main/java/org/opencastproject/kernel/filter/https/HttpsRequestWrapper.java:46` where `originalURL` is reseted to the "http" one.

Expected Results:

The LTI tool is displayed.

Status

Assignee

Stephen Marquard

Reporter

Matthias Neugebauer

Severity

Non Functioning

Tags (folksonomy)

None

Components

Fix versions

Affects versions

2.1.1
2.2.0
2.1.2
2.2.1
2.1.0
2.0.2
3.0
2.2.2
1.6.3

Priority

Major