Allow URLs other than the configured server name for SAML auth.

Review Request #12499 — Created Aug. 4, 2022 and submitted

Information

Review Board
release-5.0.x

Reviewers

The SAML authentication object is initialized with a particular HTTP
host, and will reject any requests that come in with other hostnames.
We've run into a case with a user where they want to use a reverse proxy
for some users that give them a different hostname for the Review Board
server, and while their proxy can rewrite URLs in requests and content,
it's failing to handle the auth because of this. This change adds a step
to allow any hostname which is properly configured in the
ALLOWED_HOSTS setting to be passed through to the SAML library.

  • Ran unit tests.
  • Affected user reports that this solves their issue.
Summary ID
Allow URLs other than the configured server name for SAML auth.
The SAML authentication object is initialized with a particular HTTP host, and will reject any requests that come in with other hostnames. We've run into a case with a user where they want to use a reverse proxy for some users that give them a different hostname for the Review Board server, and while their proxy can rewrite URLs in requests and content, it's failing to handle the auth because of this. This change adds a step to allow any hostname which is properly configured in the `ALLOWED_HOSTS` setting to be passed through to the SAML library. Testing Done: - Ran unit tests. - Affected user reports that this solves their issue.
d7868a11d06f8ce2eb16649cff290b66f312dc01
chipx86
  1. Ship It!
  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-5.0.x (c4720f4)