This topic has 4 replies, 3 voices, and was last updated 6 years, 4 months ago by 
-
Posts
-
Hi,
I have configured OpenAm/OpenIDConnect as Identity Provider and facing issue with the consent page. From user endpoint to load-balancer/proxy connection is over HTTPS but from load-balancer/proxy to openAM deployment connection is over HTTP. Everything works fine till auhtorization consent form page where it tries to load some javascripts and images over HTTP which is causing issue.
consent form page URL: https://some.base.url/openam/oauth2/authorize?response_type=code&client_id=<some_client>&redirect_uri=<some_uri>&scope=openid&state=<some value>
Javascript it tries to load: http://some.base.uri/openam/XUI/libs/requirejs-2.1.14-min.js
image: logo.pngI tried to create a “Base URL service” with a fixed value of https://some.base.uri but that also did not work out.
Any solution to this would be much appreciated.
Thanks and Best Regards,
Syed Suhaib Mustafa@suhaibmustafa I had a similar issue an my colleague Peter Major had pointed me to the following link:
https://bugster.forgerock.org/jira/browse/OPENAM-8371
Would this be your issue?
Hi Rajesh, Thanks for the quick reply. The issue I described is slightly different from it. The issue I am facing is that the OAuth2.0 authorization consent page is trying to load a unsecure content(JS, img) over a secure connection. Hence the browser shows a blank page with a notification to user on the top right corner which says:
This page is trying to load scripts form unauthenticated source.
Load unsafe scripts.
When we click on “load unsafe scripts” the consent page comes up and the flow works fine from there. My concern here is how/where/what to configure in OpenAM so that it loads all the contents of the html(here consent form) based on the protocol user requested(in this case HTTPS).
You must be logged in to reply to this topic.
