Description
I tried to map SATOSA to a URI'd path behind a reverse proxy and didn't succeed. Looking through the code there are many mixes of the use of BASE (self.base_url) that defeat using it properly.
- metadata (generation) uses it
- register_endpoints of saml front and backend modules don't use it, but oidc frontend does
- discovery return_url doesn't use it
- saml2 backend ACS doesn't
This is where I stopped debugging and fixing the code.
All the above problems can be overcome seperately by wisely choosing a combination of reverse proxy conf (include base path in backend request or not) and SATOSA conf (with or without base path), but never together as as working system. It's a classical waterbed.
This issue is here only to address the problem, because we decided to go vhost based reverse proxy to keep the project going.
To clarify what I mean with base path URI'd SATOSA:
reverse proxy address: https:///satosa/
backend server: http://localhost:8080/ or http://localhost:8080/satosa