Hello, I am attempting to set up SAML integration, and have been receiving an error during ProcessSAMLResponse:
coldfusion.saml.SamlResponseHandler$SamlResponseException: The response was received at http://…….. instead of https://……….. at coldfusion.saml.SamlResponseHandler.handleLoginResponse(SamlResponseHandler.java:218) at coldfusion.saml.SamlResponseHandler.handleResponse(SamlResponseHandler.java:127) at coldfusion.saml.SAMLServiceImpl.ProcessSAMLResponse(SAMLServiceImpl.java:502) at coldfusion.runtime.CFPage.ProcessSAMLResponse(CFPage.java:17502)
Everything is happening over HTTPS, and the ACS URL is definitely https on the IDP side (Okta), and I have tried this on two different ColdFusion servers. Does anyone know what might be causing this? One server uses Apache to proxy over to CF and the other uses nginx. I'm pretty sure that neither uses https during the proxy. Could this be the reason?
Yes, it could very well be the cause of that. I have run into similar issues with the java-saml library (which is what CF 2021 appears to be using under the hood); it uses httpServletRequest.getRequestURL() to determine the current URL. So a quick way you can check this in CFML is like this:
<cfoutput>#getPageContext().getRequest().getRequestURL()#</cfoutput>
That will output the URL that the SAML library thinks is the current URL, so if the scheme doesn't match, or the URL doesn't match exactly, it will fail. There are some ways that you can configure Tomcat to think it is serving https even though you are on http (only do this if the network between your web server and CF is secure or is localhost), or you can set up Tomcat to use https in your proxy.
Hope that helps!
Pete Freitag
Yeah, it is saying http when I run that one line. You mentioned a way to configure tomcat to make it think it is serving over https instead of http (it is localhost). Could you point me in that direction? Thank you!
Yes, I can point you in a few directions, not sure which is best.
Take a look at the Tomcat server.xml file for the <Connector> tag that serves the http port your proxy uses (e.g. port 8500?). You can try adding secure="true" and/or scheme="https".
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
Another option to look at is the SSLValve: org.apache.catalina.valves.SSLValve
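An added example (editor's illustration, not posted by anyone in this thread) of what the two approaches above look like in Tomcat's server.xml. The file path (cfusion/runtime/conf/server.xml), the port 8500, the public hostname www.example.com and the loopback proxy address are assumptions for the sake of the example. Option 1 is the connector change Pete suggests; it makes getRequestURL() return https://www.example.com/... for every request on that port, which is why it is only safe when the proxy is on localhost or a trusted network. Option 2 uses Tomcat's RemoteIpValve (a third mechanism, not mentioned above) so that the scheme and port are only rewritten when a proxy whose address matches internalProxies sends X-Forwarded-Proto: https; a request that reaches Tomcat directly keeps its real http scheme.

```xml
<!-- Added example; assumed location cfusion/runtime/conf/server.xml -->

<!-- Option 1: declare every request on this connector as HTTPS.
     scheme/secure control request.getScheme()/isSecure();
     proxyName/proxyPort control getServerName()/getServerPort(),
     so getRequestURL() becomes https://www.example.com/... (assumed host).
     Binding to 127.0.0.1 (assumed) keeps plain-http clients from
     reaching the port directly and being treated as secure. -->
<Connector port="8500"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           address="127.0.0.1"
           scheme="https"
           secure="true"
           proxyName="www.example.com"
           proxyPort="443"
           connectionTimeout="20000" />

<!-- Option 2: trust X-Forwarded-* headers, but only from the proxy.
     Place inside <Engine> or <Host>. internalProxies is a regex of the
     proxy addresses allowed to set these headers (loopback assumed here);
     when X-Forwarded-Proto equals "https", Tomcat reports isSecure()=true,
     scheme=https and server port 443 for that request only. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1|::1"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"
       portHeader="X-Forwarded-Port"
       httpsServerPort="443" />
```

For option 2 the proxy has to actually send the headers: in nginx that is proxy_set_header X-Forwarded-Proto $scheme; (plus X-Forwarded-Port and X-Forwarded-For), and in Apache mod_proxy the RequestHeader set X-Forwarded-Proto "https" directive in the TLS vhost. After restarting ColdFusion, re-run the getRequestURL() check from Pete's earlier reply; it should now print the https URL that matches the ACS URL registered in Okta, including the host and port.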
You're a legend. That got it working. Thank you.
Just happened to have been down that road before 🙂 Glad you got it working!