Tags: java, spring-security, saml-2.0, spring-saml, spring-security-saml2

Spring saml issues when using SP behind a reverse proxy


We have implemented SAML with ADFS authentication using the Spring SAML extension. The SP is on a server A which is behind Nginx, the URL is of the form https://serviceprovider/saml/login (just made it up), the ADFS is on the customer side in a separate network. The customers can access the https://serviceprovider/saml/login URL and they get the prompt from the ADFS to enter credentials, they do and for some reason they are getting redirected to a URL with the internal IP address where the SP is hosted (server A), which is of course not accessible over the Internet, something like https://x.x.x.x:8443. Nothing is hard coded in our code and the Spring/SAML setup is all using the site URLs for the SP and the IdP. Also verified that https://serviceprovider/saml/login/metadata returns the proper values.

Has anyone dealt with a situation like this? If so, how have you fixed it? Thanks


Solution

  • To whom it may concern, Nginx was adding the wrong Host header to the incoming request, adding the x.x.x.x:8443 host value. It was fixed by adjusting Nginx to send the proper Host header value ('serviceprovider' in the example).
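An added illustration of the fix described in the answer, not the poster's own configuration: the "before" and "after" server blocks are alternatives (deploy one, not both), and the hostname `serviceprovider` and upstream address `x.x.x.x:8443` are placeholders taken from the question.

```nginx
# BEFORE (the failing setup): no Host header is set, so nginx falls back to
# its default of "proxy_set_header Host $proxy_host", i.e. the upstream
# address "x.x.x.x:8443". Spring SAML builds the AssertionConsumerService
# and entity URLs from that value, the IdP sends the browser back to the
# internal address, and the redirect fails from the Internet.
server {
    listen 443 ssl;
    server_name serviceprovider;

    location / {
        proxy_pass https://x.x.x.x:8443;
    }
}

# AFTER (the fix from the answer): send the public hostname as the Host
# header so the SP sees the same URL the browser used. A fixed value is
# used instead of $host so a client-supplied Host header cannot end up in
# the SAML endpoint URLs the SP generates.
server {
    listen 443 ssl;
    server_name serviceprovider;

    location / {
        proxy_pass https://x.x.x.x:8443;
        proxy_set_header Host serviceprovider;
        # Assumption: the servlet container is configured to honour these
        # forwarded headers (e.g. Tomcat's RemoteIpValve); the Host header
        # alone is what resolved the poster's case.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

If the proxy headers cannot be changed, the Spring SAML extension also offers `SAMLContextProviderLB` (not mentioned on this page), which lets the SP be configured with the public scheme, server name, port and context path directly.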