Invalid Response - SAML ACS response doesn't work for default Bitnami Wordpress image when Apache runs on TCP/8080

[dlew56]

Hi,

The default non-privileged Bitnami Wordpress container has Apache/container run on TCP/8080 (https://github.com/Bitnami/bitnami-docker-wordpress).

When it is configured this way, we reach this SAML error on login attempts after successful auth against our IDP:

The response was received at https://test.domain.net:8080/wp-login.php instead of https://test.domain.net/wp-login.php?saml_acs
There was at least one error processing the SAML Response: invalid_response
Contact the administrator

Here's part of the SAML response:
<samlp:Response ID="_68a3d2a1-d014-4720-b08d-d32c86badddf" Version="2.0" IssueInstant="2021-02-16T21:03:40.534Z" Destination="https://test.domain.net/wp-login.php?saml_acs" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="ONELOGIN_35e46bf2427411ed77f96e3f4d6d92aec6c6e466" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <Subject> <NameID>USERNAME/NameID> <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <SubjectConfirmationData InResponseTo="ONELOGIN_35e46bf2427411ed77f96e3f4d6d92aec6c6e466" NotOnOrAfter="2021-02-16T21:08:40.534Z" Recipient="https://test.domain.net/wp-login.php?saml_acs" /> </SubjectConfirmation> </Subject>

However if we ran the container as Privileged (root) and change the Bitnami Dockerfile to:
APACHE_HTTPS_PORT_NUMBER="443"
APACHE_HTTP_PORT_NUMBER="80" \

Then it works.

However, we can't adjust the APACHE port numbers while the container is unprivileged, which is best practice.

How should we proceed?

Thanks,
David

[pitbulk]

Edit the settings.php

and after

https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/settings.php#L10
``

add:

use OneLogin\Saml2\Utils;

Utils::setBaseURL("https://test.domain.net/");

I will consider adding this as a new setting in a future release of the plugin.