LTI redirects to HTTP site in reverse proxy configuration

Steps to reproduce

Steps to reproduce:

The same as in MH-11786:
1. Run Opencast without HTTPS
2. Configure a HTTP proxy to use HTTPS and set the "X-Forwarded-SSL" header to "on". Configure Opencast to uses the proxy URL.
3. Configure LTI and try to run int

Actual Results:
LTI redirect to the LTI tool via HTTP

Expected Results:
LTI redirect to the LTI tool via HTTPS

The problem is caused by the `sendRedirect` method. Even after is fixed, it still thinks the request is served via HTTP. I could fix this by changing the passed location argument from a path to a whole URL (using the Opencast server URL). Since `sendRedirect` is used in other places, I'm not sure if this is the best way to solve this issue.

Activity

Show:
Stephen Marquard
June 6, 2017, 4:01 PM

The LTI redirect seems to be fixed by MH-12257. There are some other redirects still to be looked at, such as

https://my.domain/engage/ui/ will redirect to http://my.domain/engage/ui/index.html

Mostolog
June 7, 2017, 6:30 AM
Edited

Should I give it a try to confirm if it works? Could you provide PR/commit?

Stephen Marquard
June 7, 2017, 10:28 AM
Edited
Mostolog
June 7, 2017, 5:26 PM

Work perfectly now.
Thanks a lot!

Stephen Marquard
June 28, 2017, 3:31 PM

The short summary of this is that in Opencast 3.x, specifying a URL in tool=some.path parameter will cause Opencast to issue a redirect to http://some.domain/some.path.

In configurations where apache or nginx are the front-end proxy and forward https to Opencast on http, these redirects can be rewritten to https by using the ProxyPassReverse directive and equivalent configuration in nginx.

I'll leave this issue open until we've added example configurations to the docs.

Assignee

Stephen Marquard

Reporter

Matthias Neugebauer

Severity

Non Functioning

Tags (folksonomy)

None

Components

Fix versions

Affects versions

Priority

Major
Configure