If I go to the server direct with https://server.example.com:5001 it authenticates fine but when I go through haproxy such as https://example.com:443 PSU returns 502 bad gateway. Any idea why that would be?
I was trying both with direct port with :5001 and with the proxy from :443 to :5001
Whenever I get a 502 bad gateway, it is usually not the gateway and I have broken PSU in some way (I do that a lot )
2 thoughts on this…
- For the sake of testing, are you able to get access using HTTP?
- On line 5 of your 1st image is SVRNAME defined anywhere?
Are you using the community version of HAProxy or the enterprise version?
According to the manual, SAML is not included in Community:
It looks like you may have to buy a licence to get this to work.
I was hoping a see if SAML passthrough was possible without having it terminated at haproxy but that may not be the case.
I wonder if a KeyCloak container could handle the layer 7 stuff and allow you to have a HAProxy layer 4 gateway?
I might give it a shot whenever I get time. Maybe in a couple years Thanks!
I know that feeling all too well!