Welcome! Log In Create A New Profile

Advanced

Preserve URL header issue in Nginx reverse proxy | ADFS

Posted by elangopal 
Preserve URL header issue in Nginx reverse proxy | ADFS
February 29, 2020 05:56AM
Hello,

We have configured Nginx reverse proxy on Ubuntu 18.04 for internal application ADFS URL, both instances are located in the same network of AWS cloud.
Redirection to the internal application ADFS ( https://ec2instance.domain.com/adfs/ls/idpinitiatedsignon.aspx ) is happening properly when we hit the Nginx reverse proxy URL ( https://rpserver.domain.com ), however, the URL of Nginx reverse proxy gets changed to ADFS URL after the user's authentication. We want to remain the URL of reverse proxy after user authentication.

Current status - Before user's authentication -
https://rpserver.domain.com -> https://rpserver.domain.com/adfs/ls/idpinitiatedsignon.aspx

Current status - After user's authentication -
https://rpserver.domain.com -> https://rpserver.domain.com/adfs/ls/idpinitiatedsignon.aspx -> user's authentication -> https://ec2instance.domain.com/adfs/ls/idpinitiatedsignon.aspx

Expected requirement - Before / After user's authentication -
https://rpserver.domain.com -> https://rpserver.domain.com/adfs/ls/idpinitiatedsignon.aspx -> user's authentication -> https://rpserver.domain.com/adfs/ls/idpinitiatedsignon.aspx


Environment details below -
Nginx RP URL - https://rpserver.domain.com
ADFS URL - https://ec2instance.domain.com/adfs/ls/idpinitiatedsignon.aspx


Nginx reverse proxy configuration details below -

server {
listen 80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/sites-available/ssl.crt;
ssl_certificate_key /etc/nginx/sites-available/ssl.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_tokens off;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
proxy_read_timeout 3000;
send_timeout 3000;
#charset koi8-r;
ssl on;
ssl_dhparam /etc/nginx/sites-available/dhparam.pem;
server_name rpserver.domain.com;
location / {
root /adfs/ls/idpinitiatedsignon.aspx;
proxy_ssl_session_reuse off;
proxy_ssl_server_name on;
set $my_host "rpserver.domain.com";
#set $server_port "443";
proxy_set_header Host $my_host:$server_port;
proxy_set_header X-Forwarded-Host $my_host:$server_port;
proxy_set_header X-Forwarded-Server $my_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://ec2instance.domain.com/adfs/ls/idpinitiatedsignon.aspx;
proxy_set_header X-Forwarded-Proto https;
}
}

We would really appreciate your suggestion. Thanks in advance for your response.

Regards,
Elango
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 90
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready