Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-23997

Provider doesn't validate signature behind Pound load balancer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.1
    • Fix Version/s: 10.0
    • Component/s: BasicLTI
    • Labels:
      None
    • Property addition/change required:
      Yes
    • Previous Issue Keys:
      BLTI-197

      Description

      Provider doesn't validate signature behind Pound load balancer.

      We're running our cluster behind Pound and Pound recasts launch requests as http to the backends.

      By the time OAuth sees a request that was originally addressed to https://sakai.lancs.ac.uk it's become http://sakai.lancs.ac.uk and validation obviously fails. There should be a way of forcing the scheme before validation takes place.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  a.fish@lancaster.ac.uk Adrian Fish
                  Reporter:
                  a.fish@lancaster.ac.uk Adrian Fish
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code