You are viewing the Kantega SSO legacy documentation. The new documentation site is: https://kantega-sso.atlassian.net/wiki/x/hwAb

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: IIS proxy rewrite hint

...

In addition you should navigate to the IP restrictions page in the Kerberos menu and set the correct way of seeing the correct IP:



SAML: Redirection to identity provider fails with 404

If IIS is being used as a reverse proxy and you're getting 404 when trying to log in with SAML, IIS could be rewriting the identity provider redirect URL to point back to the Atlassian application. An example using ADFS, the browser is redirected to https://jira.example.com/adfs/ls/?SAMLRequest=rVLBcpswFPwV..... instead of https://adfs.example.com/adfs/ls/?SAMLRequest=rVLBcpswFPwV..... .

If this is happening, check any Rewrite rules for IIS and ARR. Then ensure "Reverse rewrite host in response headers" is disabled: Select the IIS server, open the Application Request Routing Cache pane, then select Proxy Settings from the right menu.

Image Added