Support reverse proxy the NextCloud way

In some network configurations involving a reverse proxy, the base url generated by the underlying SAML library is not consistent with the way it's generated in NextCloud. For example, it may generate `http://` urls instead of `https://` when the SSL Layer is handled by a proxy, even when NextCloud URLGenerator#getAbsoluteURL effectively generates `https://` urls. This change setup SAML library to use the Server Protocol and Server Host as returned by the NextCloud Request object to build SAML urls properly.
nextcloud · Apr 5, 2019 · 9c2773d · 9c2773d
1 parent 7dd7c45
commit 9c2773d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
@@ -26,6 +26,7 @@
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OneLogin\Saml2\Utils;
 
 class SAMLSettings {
 	/** @var IURLGenerator */
@@ -53,6 +54,11 @@ public function __construct(IURLGenerator $urlGenerator,
 		$this->config = $config;
 		$this->request = $request;
 		$this->session = $session;
+
+		Utils::setSelfProtocol($this->request->getServerProtocol());
+		Utils::setSelfHost($this->request->getServerHost());
+		Utils::setSelfPort(null);
+		Utils::setProxyVars(true);
 	}
 
 	/**