Federated User Redirected to HTTP Instead of HTTPS After Assertion-based Authentication

Article ID: 193397

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)
SITEMINDER

Issue/Introduction

Our federated application request flow seems to be working successfully right up until the user is redirected to the Target URL after being authenticated via the received assertion. A RelayState value is included in the AuthnRequest (SAMLRequest); however, as the SP we are not allowing the RelayState to override the Target. The Target is configured as https, yet the user is redirected to http. The rest of the Target URL is correct; the protocol switch is the only problem.

Cause

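FWSTrace.log showed that Affwebservices was correctly redirecting to the Target using https, so the change from https to http happened after the request left the federation web services. The customer was using IIS Application Request Routing (ARR) to proxy requests from IIS to Tomcat, and the ARR rules were altering the protocol of the redirect.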

Environment

Release: ALL

Component: SITEMINDER - FEDERATION

Resolution

Reconfigure the ARR rules such that the protocol of the redirect is preserved.
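
The comparison described under Cause can be scripted to confirm where the protocol changes and to verify the redirect after the ARR rules are reconfigured. This is an added example, not part of the original article or of the product's tooling; the hostname, path and both captured responses are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostname and path are placeholders, not values from the article.
TARGET = "https://sp.example.com/app/home"
BACKEND_RESPONSE = (  # redirect as emitted behind the proxy (what FWSTrace.log reflects)
    "HTTP/1.1 302 Found\r\n"
    "Location: https://sp.example.com/app/home\r\n\r\n"
)
CLIENT_RESPONSE = (   # redirect as received by the browser, in front of the proxy
    "HTTP/1.1 302 Found\r\n"
    "Location: http://sp.example.com/app/home\r\n\r\n"
)

def location_of(raw_response):
    """Return the Location header value of a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def changed_parts(expected_url, actual_url):
    """List which URL components differ (scheme and host compared case-insensitively)."""
    if actual_url is None:
        return ["missing"]
    want, got = urlsplit(expected_url), urlsplit(actual_url)
    pairs = {
        "scheme": (want.scheme, got.scheme),     # urlsplit already lowercases the scheme
        "host": (want.netloc.lower(), got.netloc.lower()),
        "path": (want.path, got.path),
        "query": (want.query, got.query),
    }
    return [name for name, (w, g) in pairs.items() if w != g]

def locate_rewrite(target, backend_raw, client_raw):
    """Report which hop first deviates from the configured Target, and in which parts."""
    backend_diff = changed_parts(target, location_of(backend_raw))
    if backend_diff:
        return ("backend", backend_diff)
    client_diff = changed_parts(target, location_of(client_raw))
    if client_diff:
        return ("proxy", client_diff)
    return (None, [])

if __name__ == "__main__":
    print(locate_rewrite(TARGET, BACKEND_RESPONSE, CLIENT_RESPONSE))
```

A result of `("proxy", ["scheme"])` matches the situation in this article: the backend redirect is correct and only the protocol is changed in transit.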