Details
Bug
Resolution: Unresolved
Low
None
2.8, 2.9.1, 3.0.0
None
4
Severity 3 - Minor
1
Description
When using IIS as a reverse proxy (using Application Request Routing, ARR), the X-Forwarded-For header added by IIS might contain an IP address with a port appended:
X-Forwarded-For: 192.168.59.50:55510
The header value might differ for each request. It is not currently parsed correctly when checking the Crowd SSO token, so a request handled on a different port is treated as a request from a different host. The effects may vary, but usually this leaves users unable to use the Crowd console or log in.
The current workaround is to disable "Require consistent client IP address" in the "Session Configuration" menu.
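The port-tolerant comparison that the description implies, as an added example (not Crowd's code, and not from this ticket): each X-Forwarded-For entry is reduced to its bare IP before two requests are compared. The function names are hypothetical, and comparing every entry in the header is an assumption; it also generalizes beyond the ticket's IPv4 case to bracketed IPv6 entries.

```python
import ipaddress


def _is_port(text):
    """True for a decimal TCP port, 0-65535."""
    return text.isascii() and text.isdigit() and len(text) <= 5 and int(text) <= 65535


def client_ip(entry):
    """Return the bare IP of one X-Forwarded-For entry, or None if it is malformed."""
    entry = entry.strip()
    if entry.startswith("["):
        # Bracketed IPv6, optionally followed by :port
        host, closed, rest = entry[1:].partition("]")
        if not closed or (rest and not (rest[0] == ":" and _is_port(rest[1:]))):
            return None
    elif entry.count(":") == 1:
        # IPv4:port, the form the ticket shows IIS/ARR producing
        host, _, port = entry.partition(":")
        if not _is_port(port):
            return None
    else:
        # Bare IPv4 (no colon) or bare IPv6 (several colons)
        host = entry
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None


def forwarded_ips(header):
    """Normalize every comma-separated entry of an X-Forwarded-For value."""
    return [client_ip(e) for e in header.split(",")]


def same_client(header_a, header_b):
    """Compare two header values by IP only; malformed input never matches."""
    ips_a = forwarded_ips(header_a)
    return None not in ips_a and ips_a == forwarded_ips(header_b)


if __name__ == "__main__":
    # Constructed sample: same host as in the ticket, different source ports.
    print(same_client("192.168.59.50:55510", "192.168.59.50:61234"))
```

Rejecting malformed entries instead of passing them through keeps a consistent-IP check from matching on unparsed strings.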