SAML ACS URL behind IIS reverse proxy

robertrust · November 4, 2022, 12:50pm

Product: PowerShell Universal
Version: 3.4.3

I’m trying to set up PowerShell Universal with SAML authentication. Since I need SSL/TLS, I’m running it behind an IIS reverse proxy. The SAML request being generated uses http://psu.domain.com:5000 as the site URL and I can’t figure out how to make it use https://psu.domain.com. I can get it working running PSU in IIS, but I’ve gotten the impression that environment is more difficult to troubleshoot when problems arise. Should I stick with the reverse proxy? If so, how do I tell PSU what URL it should be using?

-Robert

Omzig · November 4, 2022, 12:53pm

is it at the root of iis or is it in an application in a sub site?

robertrust · November 4, 2022, 1:07pm

It’s the root and the only thing this server does. I’m setting X-Forwarded-Host, X-Forwarded-Proto, and X-Forwarded-Port in IIS as well.

-Robert

Omzig · November 4, 2022, 1:11pm

when i was testing reverse proxy, it seemed to like https on port 5433 setup. appsettings.json is where you add in your 5443 port and hook it into your cert. i do not have any experience yet with the SAML, i did see someone put multi-auth on on of their sites and use Okta authen tokens.

Topic		Replies	Views
PSU with reverse proxy	2	97	June 20, 2024
SAML2 Metadata for PSU PowerShell Universal	0	23	August 26, 2024
SAML2 and Azure AD PowerShell Universal	6	681	January 13, 2023
SAML2 setup on IIS not working? PowerShell Universal	1	250	November 13, 2022
PowerShell Universal with SAML authentication but WITHOUT automatic redirect	0	98	March 8, 2024

SAML ACS URL behind IIS reverse proxy

Related topics