The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.

Created on 19 February 2024, 9 months ago
Updated 23 February 2024, 9 months ago

Problem

In the Drupal administration section I get the following error message:

There is a Simplesamlphp configuration problem. The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.

The SimpleSAMLphp configuration works and I have tested it with an Azure AD application. The only issue is that I get this message in the Drupal admin section.

Just to give a little bit of context, the application is deployed on OpenShift (Kubernetes) and it has HTTPS configured to work with the site.

However, I have read somewhere that OpenShift might be allowing HTTPS communication for external access only while using HTTP for internal communication - not sure what it exactly means.

💬 Support request
Status

Closed: works as designed

Version

3.0

Component

Code

Created by

🇪🇹Ethiopia tsega


Comments & Activities

  • Issue created by @tsega
  • 🇪🇹Ethiopia tsega

    After much toiling I found the fix for the issue:

    When SimpleSAMLphp is set up behind a reverse proxy, similar to what the OpenShift setup is like, you need to set the base URL of the application (not the SimpleSAMLphp admin tool but the actual Drupal site itself) in the config/config.php file from SimpleSAMLphp.

    I added the following and it worked: (note: this piece of code is commented out in the config.php file so you will need to uncomment it and set the correct value)

        /*
         * The 'application' configuration array groups a set of configuration options
         * relative to an application protected by SimpleSAMLphp.
         */
        'application' => [
            /*
             * The 'baseURL' configuration option allows you to specify a protocol,
             * host and optionally a port that serves as the canonical base for all
             * your application's URLs. This is useful when the environment
             * observed in the server differs from the one observed by end users,
             * for example, when using a load balancer to offload TLS.
             *
             * Note that this configuration option does not allow setting a path as
             * part of the URL. If your setup involves URL rewriting or any other
             * tricks that would result in SimpleSAMLphp observing a URL for your
             * application's scripts different than the canonical one, you will
             * need to compute the right URLs yourself and pass them dynamically
             * to SimpleSAMLphp's API.
             */
            'baseURL' => 'https://'. $_SERVER['HTTP_HOST'],
        ],
    
  • Status changed to Closed: works as designed 9 months ago
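
Added example, not part of the original comment or of SimpleSAMLphp itself: the snippet above builds 'baseURL' from $_SERVER['HTTP_HOST'], which comes from the request's Host header, so this variant accepts that value only when it matches a list of known hostnames and otherwise falls back to a fixed canonical one. The hostnames and the $resolveBaseUrl helper are placeholders (assumptions) to be replaced with the site's real public names.

```php
<?php
// Added example: fragment for SimpleSAMLphp's config/config.php.
// Hostnames are placeholders (assumptions), not values from the issue.

// Public hostnames the reverse proxy / OpenShift route actually serves.
// Include the port in an entry if the public URL uses a non-default port.
$allowedHosts = ['www.example.org', 'intranet.example.org'];
$canonicalHost = 'www.example.org';

/*
 * Build "https://host[:port]" for 'application' => 'baseURL'.
 * HTTP_HOST is client-supplied, so it is used only when it is an exact,
 * case-insensitive match for an allow-listed name. Anything else
 * (missing header, unknown name, CLI run) yields the canonical host.
 * No path is appended, because 'baseURL' does not allow one.
 */
$resolveBaseUrl = static function (array $server) use ($allowedHosts, $canonicalHost): string {
    $host = strtolower(trim((string) ($server['HTTP_HOST'] ?? '')));
    if ($host === '' || !in_array($host, $allowedHosts, true)) {
        $host = $canonicalHost;
    }
    // TLS is terminated at the proxy, so the public scheme is always https.
    return 'https://' . $host;
};

$config = [
    // ... the rest of the SimpleSAMLphp options stay as they are ...
    'application' => [
        'baseURL' => $resolveBaseUrl($_SERVER),
    ],
];
```

If the site has a single public hostname, a literal string such as 'https://www.example.org' for 'baseURL' is the simpler choice.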