Problem

In the Drupal administration section I get the following error message:

There is a Simplesamlphp configuration problem. The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.

The SimpleSAMLphp configuration works and I have tested it with an Azure AD application.The only issue is that I get this message in Drupal admin section.

Just to give a little bit of context, the application is deployed on Openshift (Kubernetes) and it has HTTPS configure to work with the site.

However, I have read somewhere that Openshift might be allowing HTTPS communication for external access only while using HTTP for internal communication - not sure what it exactly means.

Comments

tsega created an issue. See original summary.

tsega’s picture

tsega commented

After much toiling I found the fix for the issue:

When simpleSAMLphp is setup behind a reverse proxy, similar to what the Openshift setup is like, you need to set the base URL of the application (not simpleSAMLphp admin tool but the actual Drupal site itself) in config/config.php file from simpleSAMLphp.

I add the following and it worked: (note: this piece of code is commented out in the config.php file so you will need to uncomment and set the correct value)

   /*
     * The 'application' configuration array groups a set configuration options
     * relative to an application protected by SimpleSAMLphp.
     */
    'application' => [
        /*
         * The 'baseURL' configuration option allows you to specify a protocol,
         * host and optionally a port that serves as the canonical base for all
         * your application's URLs. This is useful when the environment
         * observed in the server differs from the one observed by end users,
         * for example, when using a load balancer to offload TLS.
         *
         * Note that this configuration option does not allow setting a path as
         * part of the URL. If your setup involves URL rewriting or any other
         * tricks that would result in SimpleSAMLphp observing a URL for your
         * application's scripts different than the canonical one, you will
         * need to compute the right URLs yourself and pass them dynamically
         * to SimpleSAMLphp's API.
         */
        'baseURL' => 'https://'. $_SERVER['HTTP_HOST'],
    ],
tsega’s picture

tsega commented
Status: Active » Closed (works as designed)