Apr 19th, 2012, 06:45 PM
OAuth signature calculation when used with LB SSL offloading
My application sits behind a load balancer which does SSL offloading.
Therefore, the client application hits https://my-server.com/application which goes to the load balancer, terminates the SSL and proxies the request to the actual server http://my-server.com/application. This ends up failing the signature check because the schema has changed.
Is there a way in OAuth to handle this scenario? Doing some googling, I have come across a non-standard HTTP header, X-Forwarded-Proto, which can be set to the forwarded protocol. Is it valid to use this as the schema when calculating the signature, as opposed to what is returned from getRequestURL (in the Java world)?
Jul 19th, 2012, 03:44 AM
Hi, I'm facing the same issue.
Did you manage to fix this?
Jul 19th, 2012, 04:54 AM
I think you may need to inject an OAuthProviderSupport into your <provider support-ref=".."/>. There you can customize the URL calculation, either by providing a fixed baseUrl, or by implementing your own logic based on a custom header. Is that it?
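Added example, not part of the thread and not Spring Security OAuth code: a Python sketch of the RFC 5849 HMAC-SHA1 check the question describes, showing why the backend's `http` view fails and how the URL can be rebuilt from X-Forwarded-Proto only when the request arrives from the load balancer. The `TRUSTED_PROXIES` subnet, all function names and the sample key, secret and nonce are assumptions constructed for illustration; hosts are assumed to be names or IPv4 addresses.

```python
import base64, hashlib, hmac, ipaddress
from urllib.parse import quote

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # assumption: load balancer subnet

def enc(value):
    return quote(str(value), safe="-._~")  # RFC 5849 section 3.6 percent-encoding

def effective_scheme(peer_ip, local_scheme, headers):
    # The header is client-controlled unless the direct peer is the load balancer.
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    from_lb = any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    return proto if from_lb and proto in ("http", "https") else local_scheme

def base_string(method, scheme, host, path, params):
    # Signature base string: METHOD & encoded base URI & encoded sorted parameters.
    default_port = {"http": "80", "https": "443"}[scheme]
    name, _, port = host.lower().partition(":")
    authority = name if port in ("", default_port) else f"{name}:{port}"
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(f"{scheme}://{authority}{path}"), enc(normalized)])

def sign(base, consumer_secret, token_secret=""):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(peer_ip, local_scheme, headers, method, host, path, params, consumer_secret):
    scheme = effective_scheme(peer_ip, local_scheme, headers)
    expected = sign(base_string(method, scheme, host, path, params), consumer_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

# Constructed sample: the client signs https://my-server.com/application and the
# load balancer at 10.0.0.5 forwards the request to the backend over plain http.
PARAMS = {"oauth_consumer_key": "demo-key", "oauth_nonce": "n0nce",
          "oauth_timestamp": "1334861100", "oauth_signature_method": "HMAC-SHA1",
          "oauth_version": "1.0"}
SECRET = "demo-secret"

def demo():
    client_base = base_string("GET", "https", "my-server.com", "/application", PARAMS)
    signed = dict(PARAMS, oauth_signature=sign(client_base, SECRET))
    args = ("GET", "my-server.com", "/application", signed, SECRET)
    fwd = {"X-Forwarded-Proto": "https"}
    return (verify("10.0.0.5", "http", {}, *args),     # backend scheme only: mismatch
            verify("10.0.0.5", "http", fwd, *args),    # header from the load balancer: match
            verify("203.0.113.9", "http", fwd, *args)) # header from an untrusted peer: ignored
```

For the header to be trustworthy, the load balancer should overwrite any X-Forwarded-Proto value supplied by the client and the backend should not be reachable except through it.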
Jul 19th, 2012, 06:22 AM
I'm trying to do it this way: http://bit.ly/MtPbif
But after having added my ChannelDecisionManagerPostProcessor, it starts complaining that my securityContextRepository is null.
PS: I'm working on the sparklr2 example.
Jul 20th, 2012, 02:42 AM
That's a different problem (OP was about OAuth 1.0 signature calculations, yours is about OAuth2). Why not start a new thread?
Jul 20th, 2012, 06:18 AM