kristophjunge/docker-test-saml-idp

CORS issues

Opened this issue · 2 comments

Hi

I am trying to use this server as a test IDP server for a Vue.js / node.js based application.

I have a working testbed using passport-saml where the express server serves the pages. But when I switch to the frontend I am running into CORS issues:

Access to XMLHttpRequest at 'http://samlserver:8080/simplesaml/saml2/idp/SSOService.php?SAMLRequest=nVNNb%2BIwEP0rke%2FkC6oWi1BR0GqRum1Esj30UhlnKN51bK%2FHKfTfrxOSFYctB062Zt4bz7w3nt0faxl8gEWhVUaSMCb38xmyWhq6aNxebeBPA%2BgCD1NIu0RGGquoZiiQKlYDUsdpsfjxSNMwpsZqp7mWJFivMvI2HU84VMl0u%2BO36fQGIJ0ACV6GBz3DAxEbWCt0TDkfipPpKB6PkkmZxDS9pUkSpjeTVxLkfekHoSqh3i%2F3sT2BkH4vy3yUPxclCRaIYJ1%2FeKkVNjXYAuyH4PBz85iRvXOGRpHUnMm9RkfHcRz3QcN9U10gaiVIPepdqMgj5Zbx3yRYeY2EYq4bqif90gfWbBvlGnoX33mmqI2Elt8XEZWJiuK5byI0e0NO2tNOEXsm%2BuVZ2TAXmTNj%2FN0bOovOKg2WPnnqepVrKfjnNZZ%2B07Zm7mt0EiZdRFSjXQelUDMhF1VlAdEbIKU%2BLC0wBxlxtgESDa31iwZVt3beIAfHq9ZuqWvDrMDWCTgy7gZRzwsvpddsA7trJL4I45S3pX0498dB26rdWuB%2BsNIyhUZb11vzv37mp9wXcvzLnn%2FN%2BV8%3D' (redirected from 'http://localhost:3000/saml2/login') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. login.vue?8d26:124 loginWithSAML2...{"config":{"transformRequest":{},"transformResponse":{},"timeout":0,"xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1,"headers":{"Accept":"application/json, text/plain, */*"},"method":"get","url":"http://localhost:3000/saml2/login"},"request":{}}

My connections:

image

Any idea where to start to tackle this problem?

Hi, I have same problem with similar project environment. Did you find a solution?

@aprixon-jowa I solved. Clone repository then change 2 files.

  1. You need to change Apache part of Dockerfile with this one:
COPY config/apache/ports.conf /etc/apache2
COPY config/apache/simplesamlphp.conf /etc/apache2/sites-available
COPY config/apache/cert.crt /etc/ssl/cert/cert.crt
COPY config/apache/private.key /etc/ssl/private/private.key
RUN echo "ServerName localhost" >> /etc/apache2/apache2.conf && \
    a2enmod ssl && \
    a2dissite 000-default.conf default-ssl.conf && \
    a2ensite simplesamlphp.conf && \
	a2enmod headers
  1. You need to change Directory part of simplesamlphp.conf file with this one:
<Directory /var/www/simplesamlphp/www>
		Header always set Access-Control-Allow-Origin "*"
		Header always set Access-Control-Allow-Origin "*"
		Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
		Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
		Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
        <IfModule !mod_authz_core.c>
        Require all granted
        </IfModule>
    </Directory>

After these changes, you can build a new docker image and run it.