Created April 26, 2024 16:53
Rundeck + mod_auth_mellon httpd reverse proxy for SAML
Searches that helped me fix the config
Redirect loop: https://www.puppeteers.net/blog/solving-an-apache-mellon-redirect-loop-mystery/
400 Bad Response error: https://jdennis.fedorapeople.org/doc/mellon-user-guide/mellon_user_guide.html#invalid_destination
Okta app config notes
* SAML Recipient should be https://<server_url>/<MellonEndpointPath>/postResponse
* SAML Audience should be https://<server_url>/<MellonEndpointPath>
Apache config notes
* ServerName must match the SAML Recipient, including the scheme (HTTP/HTTPS)
mod_auth_mellon config notes
* If changing <MellonEndpointPath> from the default, the metadata must be regenerated because the endpoints need to match the internal filter
** See https://jdennis.fedorapeople.org/doc/mellon-user-guide/mellon_user_guide.html#metadata_creation
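The three notes above all describe the same URLs seen from different sides (Okta, Apache ServerName, mellon SP metadata). The following check is an added example, not part of the original notes; the function names, the host rundeck.example.com, the /saml endpoint path and the sample metadata are constructed assumptions. It derives the expected Okta values from ServerName and MellonEndpointPath and reports which side is out of step, including metadata left over from before the endpoint path changed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: SP metadata generated while MellonEndpointPath was still /mellon.
STALE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://rundeck.example.com/mellon">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://rundeck.example.com/mellon/postResponse"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def expected_urls(server_url, endpoint_path):
    """Okta values implied by ServerName (with scheme) and MellonEndpointPath."""
    base = server_url.rstrip("/") + "/" + endpoint_path.strip("/")
    return {"audience": base, "recipient": base + "/postResponse"}


def check_alignment(server_url, endpoint_path, okta_recipient, okta_audience, sp_metadata_xml):
    """Return a list of mismatches; an empty list means all three sides agree."""
    want = expected_urls(server_url, endpoint_path)
    problems = []
    if okta_recipient != want["recipient"]:
        problems.append(f"Okta Recipient is {okta_recipient!r}, expected {want['recipient']!r}")
    if okta_audience != want["audience"]:
        problems.append(f"Okta Audience is {okta_audience!r}, expected {want['audience']!r}")
    # ServerName must match the Recipient including the scheme (http vs https).
    got, srv = urlsplit(okta_recipient), urlsplit(server_url)
    if (got.scheme, got.netloc.lower()) != (srv.scheme, srv.netloc.lower()):
        problems.append("ServerName scheme/host differs from the Okta Recipient")
    # Metadata created before MellonEndpointPath changed still lists the old endpoint.
    root = ET.fromstring(sp_metadata_xml)  # the operator's own local metadata file
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", MD_NS)
           if e.get("Binding") == POST_BINDING]
    if want["recipient"] not in acs:
        problems.append(f"SP metadata POST endpoints {acs} lack {want['recipient']!r}: regenerate")
    return problems


if __name__ == "__main__":
    for line in check_alignment("https://rundeck.example.com", "/saml",
                                "http://rundeck.example.com/saml/postResponse",
                                "https://rundeck.example.com/saml", STALE_METADATA):
        print("MISMATCH:", line)
```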
Rundeck preauthorized mode config notes