Tagged: authorization consent form, idp, openam, openidconnect
This topic has 4 replies, 3 voices, and was last updated 6 years, 1 month ago by suhaibmustafa.
-
AuthorPosts
-
April 7, 2016 at 4:48 pm #9391
suhaibmustafa
ParticipantHi,
I have configured OpenAm/OpenIDConnect as Identity Provider and facing issue with the consent page. From user endpoint to load-balancer/proxy connection is over HTTPS but from load-balancer/proxy to openAM deployment connection is over HTTP. Everything works fine till auhtorization consent form page where it tries to load some javascripts and images over HTTP which is causing issue.
consent form page URL: https://some.base.url/openam/oauth2/authorize?response_type=code&client_id=<some_client>&redirect_uri=<some_uri>&scope=openid&state=<some value>
Javascript it tries to load: http://some.base.uri/openam/XUI/libs/requirejs-2.1.14-min.js
image: logo.pngI tried to create a “Base URL service” with a fixed value of https://some.base.uri but that also did not work out.
Any solution to this would be much appreciated.
Thanks and Best Regards,
Syed Suhaib Mustafa-
This topic was modified 6 years, 4 months ago by
suhaibmustafa.
April 8, 2016 at 4:41 am #9397Rajesh R
Participant@suhaibmustafa I had a similar issue an my colleague Peter Major had pointed me to the following link:
https://bugster.forgerock.org/jira/browse/OPENAM-8371
Would this be your issue?
April 11, 2016 at 6:43 am #9423suhaibmustafa
ParticipantHi Rajesh, Thanks for the quick reply. The issue I described is slightly different from it. The issue I am facing is that the OAuth2.0 authorization consent page is trying to load a unsecure content(JS, img) over a secure connection. Hence the browser shows a blank page with a notification to user on the top right corner which says:
This page is trying to load scripts form unauthenticated source.
Load unsafe scripts.
When we click on “load unsafe scripts” the consent page comes up and the flow works fine from there. My concern here is how/where/what to configure in OpenAM so that it loads all the contents of the html(here consent form) based on the protocol user requested(in this case HTTPS).
April 15, 2016 at 4:37 pm #9772Peter Major
ModeratorYou should configure the Base URL Provider service in your subrealm.
July 13, 2016 at 8:45 am #11996suhaibmustafa
ParticipantHi,
Base URL provider also didn’t work as I had mentioned in the problem statement. I fixed it by having a proxy in http connector of the apache tomcat server.
-
This topic was modified 6 years, 4 months ago by
-
AuthorPosts
You must be logged in to reply to this topic.