Relative AssertionConsumerServiceUrl redirects always to http instead of https

Ciao ragazzi,
I’m implementing a ServiceProvider-initiated SSO for one of our applications (using SAML v2.0 for .Net4, Version 2.6.0.13).
Unfortunately even if I access our web application using https the expanded absolute AssertionConsumerServiceUrl is always a plain http url, which obviously results in the redirection to that unsecure url.
Are there any means to ensure that during expansion of the AssertionConsumerServiceUrl https is preferred over http, if both bindings are configured in the application server?

The interesting part of my saml.config looks like that:
<ServiceProvider Name=“<a href=“https://appstest.domain.com/OurProject/””>https://appstest.domain.com/OurProject/“
…
AssertionConsumerServiceUrl=”~/LoginSAML.aspx"/>


I would be very grateful for any kind of advice.

Grazie mille in anticipo
Tanti saluti

Florian

Hi Florian
We use System.Web.VirtualPathUtility.ToAbsolute to expand the “~” to an absolute URL based off the URL of the HTTP request being processed (ie. HttpContext.Current.Request).
Is it possible that the URL for the current request is HTTP rather than HTTPS?
This might occur if you’re behind a load balancer etc that terminates the HTTPS session.
If that’s the case, you need to specify an absolute URL for the AssertionConsumerServiceUrl rather than a relative URL.

You’re welcome.

@ComponentSpace: Apologies for bumping this old thread. However, is it an option to “X-Forwarded-For” header when expanding the url.

We don’t access that header. I’m not sure if this would help as this is the IP address of the client. What the original poster was asking about is expanding the URL on the server side.

No worries.