Question

LF 22 Error with LFDS Authentication to Forms with Reverse Proxy

asked on January 23

We have a reverse proxy setup for /Forms and /LFDSSTS over HTTPS. It's on IIS as we use it for another application that works fine. 

Any of the forms work fine that don't require a login. However, when trying to log in, the authentication goes through successfully but I get an LF22 error page. You can tell the LFDS authentication works because if you go to the /Forms page again I am already logged in.

The Event Viewer on the Proxy has no errors but the Laserfiche server gives this error. 

"Message: ID3206: A SignInResponse message may only redirect within the current web application: 'https://external.address.com:443/Forms' is not allowed"

Forms Config is set up for the external address in the Forms server section and the User Authentication section.

I have checked the Web.config for forms and the realm, issuer and reply are all using the external address. 

Myself and our contractor are stumped. Any help on something we may have missed would be greatly appreciated. We can't find any documentation on this specific error.

Replies

replied on January 23

Hi Ryan, given the use of an external domain, you likely need to add it to the LFDSSTS Redirect Allowlist. Docs ref: Configuring a Redirect Allowlist

You'd add "https://external.address.com"

The docs example doesn't show adding the https:// protocol bit, but it's supported and good to include so non-https redirects are still blocked.

replied on January 23

I don't seem to have that option.

replied on January 23

Ah, you're running an older version where you have to set it in a config file because it's not exposed in the LFDSSTS Configuration UI yet. Here are the instructions for LFDS 11: Configuring a Redirect Allowlist

replied one day ago

I adjusted the lines according to the documentation and am still getting the same errors. I added the domains as "external.address.com" and "https://external.address.com" and am still getting the error. Any other things to look at?
I have restarted IIS after making the changes and even restarted the server.
