Hi,
I have a website which I'm reverse proxying behind a Windows 2012R2 with IIS, ARR, and URL Rewrite. The defined rules work and the website is available through the reverse proxy, however if you try to use SAML authentication it fails when you click on SSO link the reverse proxy is rewriting the returned redirection URL to be the name of the website.
The website name is files.company.com, and SAML is provided by Okta. When the SSO link is clicked on the website it will return a 302 redirect to us.okta.com/app/company/ssp, however, the reverse proxy is rewriting the redirect back to files.company.com/app/company/ssp
I have enabled Failed Request Tracing and it show that the URL Rewrite is processed on the inbound request and shows that the response from the website is not changed by the rewrite rules, or at least from what I can tell, it's changed instead by the GENERAL_SET_RESPONSE_HEADER, which I'm assuming is part of ARR, even with all the tracing option turned on I don't see anymore information. The log looks like this:
URL rewrite start
Inbound rule rewrite request
URL Rewrite end
Module_set_response_success_status - ARR, 302, moved temporarily
General_Set_Response_Header - cache-control, no-cache, replace = true
General_Set_Response_Header - pragma, no-cache, replace = true
General_Set_Response_Header - Content-type, text/html, replace = true
General_Set_Response_Header - expires, <date>, replace=true
General_Set_Response_Header - location, https://us.okta.com/app/company/ssp, replace=true
General_Set_Response_Header - x-frame-options,, sameorigin, replace=false
General_Set_Response_Header - x-xss=protection, 1;mode=block, replace=true
General_Set_Response_Header - strict-transport-security, option, replace=false
General_Set_Response_Header - location, https://files.company.com/app/company.ssp, replace= true
Can anyone let me know if it is possible to exclude certain URL from being modified that are returned by the IIS server?
Thanks in advance,
Gary.