Tags: ssl, playframework-2.0, saml, okta

How to get website using SSL to work on Okta with SAML


Please forgive me if this question is poorly asked. I will delete it if it's a waste of everyone's time. I didn't implement this so I'm walking blind. The person who implemented this left and I need to get something to work.

So we are running our website from the Play framework version 2.1.2 on a CentOS server. When I execute "ps", I can see Play is listening on port 9005 for http and 9004 for https.

The website requires authentication from Okta (I can probably post snippets of Java code showing this if needed) so users must authenticate from Okta via SAML before they can use our site.

Inside Okta, under SAML settings, there are 4 URLS:

  1. SSO URL
  2. Recipient URL
  3. Destination URL
  4. Audience URI (SP Entity ID)

If I set all URLs to be http://mysite.mydomain.com:9005/login?client_name=Saml2Client, it works fine. The site works fine.

If I change all the URLs to use https and port 9004 (https://mysite.mydomain.com:9004/login?client_name=Saml2Client), it doesn't work. I get an HTTP 500 error.

Even weirder is if I authenticate through Okta and in another tab type in the host server instead of the FQDN, it works. https://servername.mydomain.com:9004 works fine. It's just when I log on through Okta and click on the icon (or type the FQDN) that it gives me an HTTP 500 error.

What is Okta looking at when looking at each of the URLs? What do I need to look for to compare the difference between port 9004 and 9005 to get port 9004 to work through Okta?

So summary:

  • http://mysite.domain.com:9005/login.... - works through Okta
  • https://mysite.domain.com:9004/login... - doesn't work through Okta
  • https://servername.domain.com:9004 - typed in URI bar, works fine

If more information is required to answer my question, let me know and I'll update the question.


Solution

So our situation is this. We were using the Play framework ver 2.1.2. We are also using the play-pac4j library ver 1.1.4 for SAML support. Apparently, in the pac4j lib, there's a file called JavaWebContext.java. Inside, it hardcodes the scheme to be http. This messes us up, and not Okta.

Starting in version 1.4.x of this library, we see it check which scheme we need (http or https).

I'm not sure if we can use Play 2.1.2 with version 1.4.x of the pac4j library or not. I'll update this answer when/if we find out.
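The answer names the cause (a hard-coded `http` scheme in the web context) but does not show why that turns into a 500 only on the https port. The Python below is an added illustration, not pac4j's or Play's code and not the asker's: it models an SP that rebuilds its own callback URL from the incoming request and then checks the `Destination` of the SAML Response Okta posts against it. The assumption, labelled in the code, is that the 500 was such a mismatch surfacing as an unhandled error; the `Request` type and the two URL builders are hypothetical stand-ins, and the Okta URLs are the ones from the question.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Destination Okta was configured with in the question (https on port 9004).
OKTA_DESTINATION_HTTPS = "https://mysite.mydomain.com:9004/login?client_name=Saml2Client"
# The working http configuration from the question (port 9005).
OKTA_DESTINATION_HTTP = "http://mysite.mydomain.com:9005/login?client_name=Saml2Client"


@dataclass
class Request:
    """Constructed stand-in for an incoming HTTP request (hypothetical, not Play's API)."""
    scheme: str   # scheme the request actually arrived on: "http" or "https"
    host: str     # Host header, including the port when non-default
    path: str
    query: str


def callback_url_hardcoded(req: Request) -> str:
    """Mirrors the defect the answer describes: the scheme is fixed to http,
    so an https deployment advertises a consumer URL that never matches."""
    return f"http://{req.host}{req.path}?{req.query}"


def callback_url_from_request(req: Request) -> str:
    """Corrected form: derive the scheme from the request itself."""
    return f"{req.scheme}://{req.host}{req.path}?{req.query}"


def _canonical(url: str) -> tuple:
    """Normalise scheme/host case and fill in default ports so that
    'https://h/x' and 'https://h:443/x' compare equal."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme.lower() == "https" else 80)
    return (p.scheme.lower(), (p.hostname or "").lower(), port, p.path, p.query)


def destination_matches(response_destination: str, expected_url: str) -> bool:
    """An SP must only accept a SAML Response whose Destination is the endpoint
    it was actually delivered to; anything else is rejected."""
    return _canonical(response_destination) == _canonical(expected_url)


def accepts_response(req: Request, destination: str, build_callback) -> bool:
    """Assumption: the SP compares the Response's Destination against the
    callback URL it computes for the current request with build_callback."""
    return destination_matches(destination, build_callback(req))


if __name__ == "__main__":
    https_req = Request("https", "mysite.mydomain.com:9004", "/login", "client_name=Saml2Client")
    http_req = Request("http", "mysite.mydomain.com:9005", "/login", "client_name=Saml2Client")

    # http on 9005 works either way: the hard-coded scheme happens to be right.
    print("http  / hardcoded :", accepts_response(http_req, OKTA_DESTINATION_HTTP, callback_url_hardcoded))
    # https on 9004 fails with the hard-coded scheme (the SP expects http://...:9004)
    # and succeeds once the scheme is taken from the request.
    print("https / hardcoded :", accepts_response(https_req, OKTA_DESTINATION_HTTPS, callback_url_hardcoded))
    print("https / from req  :", accepts_response(https_req, OKTA_DESTINATION_HTTPS, callback_url_from_request))
```

The third case is also why typing `https://servername...:9004` directly in a tab works: no SAML Response is being validated on that request, so the mis-built callback URL is never compared against anything. When TLS is terminated by a reverse proxy in front of Play, the request scheme the application sees is still `http`, so the corrected builder only helps if the scheme is taken from a forwarded-proto header that the proxy is trusted to set.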