Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-2777

Crowd SSO can fail when x-forwarded-for contains port number

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Low
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SSO
    • Labels:
      None
    • Support reference count:
      1

      Description

      When using a proxy it is possible that the x-forwarded-for will contain the port and more importantly change the port number per connection. This breaks SSO as the newly created port number is different from a sperate connection, thus changing the token.

      You will have entries in log similar to the following which specify the port and not just the IP to be used.

      com.atlassian.crowd.model.authentication.ValidationFactor@6a8768[name=remote_address,value=10.80.47.22]com.atlassian.crowd.model.authentication.ValidationFactor@1dfe824[*name=X-Forwarded-For,value=10.19.73.9:53672*]
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                4 years, 40 weeks, 3 days ago