We're updating the issue view to help you get more done. 

Login does not redirect to https

Steps to reproduce

Steps to reproduce:
1. run opencast with only http
2. use a proxy with https (with server.url correctly configured to point to the proxy address)
3. log in

Actual Results:
POST /j_spring_security_check does a 302 redirect to http://server.url/admin-ng/index.html instead of https://server.url/admin-ng/index.html

This is especially a problem when logging in via ajax in the engage ui as engage thinks the authentication failed because the browser will not redirect to http because of mixed content violation. You are actually logged in despite the error, which manually reloading the page proves.

Expected Results:
the browser is redirected to https://server.url/admin-ng/index.html thus enabling you to log in.

Workaround (if any):
configure your proxy to rewrite the response headers for Location: from http to https

Status

Assignee

Greg Logan

Reporter

Paul Pettit

Severity

Incorrectly Functioning With Workaround

Tags (folksonomy)

None

Components

Fix versions

Affects versions

3.2

Priority

Major