  1. Crowd Data Center
  2. CWD-4958

X-Forwarded-For generated by IIS doesn't work with IP validation for SSO authentication


Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 2.8, 2.9.1, 3.0.0
    • None

    Description

      When using IIS as a reverse proxy (using Application Request Routing, ARR), the X-Forwarded-For header added by IIS might contain an IP address with a port appended:

      X-Forwarded-For: 192.168.59.50:55510
      

      This value might differ for each request. It is not currently parsed correctly when checking the Crowd SSO token, causing a request handled on a different port to be treated as a request from a different host. The effects may vary, but usually this will make users unable to use the Crowd console or log in.

      The current workaround is to disable "Require consistent client IP address" in the "Session Configuration" menu.
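
An added example, not taken from this issue or from Crowd's code base: one way a consistent-client-IP check can normalize X-Forwarded-For values so that the port appended by IIS ARR is ignored. The function names, the second sample header value and the use of the left-most entry as the client address are assumptions made for illustration.

```python
import ipaddress


def normalize_xff_entry(entry: str) -> str:
    """Return the canonical IP of one X-Forwarded-For entry, dropping any port."""
    entry = entry.strip()
    if entry.startswith("["):            # "[2001:db8::1]:55510" or "[2001:db8::1]"
        host, sep, rest = entry[1:].partition("]")
        if not sep or (rest and not (rest.startswith(":") and rest[1:].isdigit())):
            raise ValueError(f"malformed bracketed address: {entry!r}")
    elif entry.count(":") == 1:          # "192.168.59.50:55510" (the IIS ARR form)
        host, _, port = entry.partition(":")
        if not port.isdigit():
            raise ValueError(f"malformed port: {entry!r}")
    else:                                # bare IPv4 or bare IPv6
        host = entry
    return str(ipaddress.ip_address(host))   # ValueError if host is not an IP


def client_ip(xff_header: str) -> str:
    """Assumption: the left-most entry is the client, and the header was set
    by a trusted reverse proxy rather than accepted from the client as-is."""
    return normalize_xff_entry(xff_header.split(",")[0])


def naive_same_client(token_xff: str, request_xff: str) -> bool:
    """Raw string comparison: the failure mode described in this issue."""
    return token_xff.strip() == request_xff.strip()


def same_client(token_xff: str, request_xff: str) -> bool:
    """Compare normalized addresses, so a changed source port is not a new host."""
    return client_ip(token_xff) == client_ip(request_xff)


# Constructed sample: the first value is the one quoted in the issue, the
# second is the same client on a different (made-up) source port.
AT_LOGIN = "192.168.59.50:55510"
NEXT_REQUEST = "192.168.59.50:55874"

if __name__ == "__main__":
    print("naive check passes:     ", naive_same_client(AT_LOGIN, NEXT_REQUEST))
    print("normalized check passes:", same_client(AT_LOGIN, NEXT_REQUEST))
```

A value that does not parse raises ValueError, so a caller can reject the request instead of silently comparing an unparsed string.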


            People

              Assignee: Unassigned
              Reporter: Lukasz Pater (lpater)
              Votes: 1
              Watchers: 4
