Hi everybody, I'll try to explain the problem i'm facing to:
I have got a Pentaho BA Server 5.0.1 working on port 8080 via http. We also have an Apache2 as a reverse proxy forwarding requests to Pentaho. When a request via http arrives Apache is doing redirection from http to https, so every request sent to "http://mydomain/pentaho" is being redirected first to "https://mydomain/pentaho" and then is forwarded to Pentaho through http.
But we're facing several problems with this kind of configuration: login form loads ok, but when user tries to log in, he gets an "Login Error. A login error occured. Please try again". Doing some javascript debug we have seen this
"The page at 'https://mydomain/pentaho/Login' was loaded over HTTPS, but displayed insecure content from 'http://mydomain/pentaho/index.jsp': this content should also be loaded over HTTPS."
In fact the user has been authenticated, but the browser is blocking the page load.
Then the user can press F5 and Pentaho seems to redirect our user to the dashboard, but Chrome again claims that
"[blocked] The page at 'https://mydomain/pentaho/Home' was loaded over HTTPS, but ran insecure content from 'http://mydomain/pentaho/mantle/home/': this content should also be loaded over HTTPS.
Our web.xml:
I have already seen this in PUCLogin.jsp:
Where
transforms to 'http://mydomain/pentaho/index.jsp
All this worked seamlessly with Pentaho 3.6 which was my previous version.
What am i doing wrong? Is this a bug? Is there somewhere an 'http' hardcoded?
Thanks in advance
I have got a Pentaho BA Server 5.0.1 working on port 8080 via http. We also have an Apache2 as a reverse proxy forwarding requests to Pentaho. When a request via http arrives Apache is doing redirection from http to https, so every request sent to "http://mydomain/pentaho" is being redirected first to "https://mydomain/pentaho" and then is forwarded to Pentaho through http.
But we're facing several problems with this kind of configuration: login form loads ok, but when user tries to log in, he gets an "Login Error. A login error occured. Please try again". Doing some javascript debug we have seen this
"The page at 'https://mydomain/pentaho/Login' was loaded over HTTPS, but displayed insecure content from 'http://mydomain/pentaho/index.jsp': this content should also be loaded over HTTPS."
In fact the user has been authenticated, but the browser is blocking the page load.
Then the user can press F5 and Pentaho seems to redirect our user to the dashboard, but Chrome again claims that
"[blocked] The page at 'https://mydomain/pentaho/Home' was loaded over HTTPS, but ran insecure content from 'http://mydomain/pentaho/mantle/home/': this content should also be loaded over HTTPS.
Our web.xml:
Code:
<context-param>
<param-name>base-url</param-name>
<param-value>http://mydomain/pentaho/</param-value>
</context-param>
<!-- FullyQualifiedServerUrl is used only in the case of offline content generation and whenever something need to talk back to the server -->
<context-param>
<param-name>fully-qualified-server-url</param-name>
<param-value>http://mydomain/pentaho/</param-value>
</context-param>Code:
function bounceToReturnLocation() {
// pass
var locale = document.login.locale.value;
var returnLocation = '<%=ESAPI.encoder().encodeForJavaScript(requestedURL)%>';
if (returnLocation != '' && returnLocation != null) {
window.location.href = returnLocation;
} else {
window.location.href = window.location.href.replace("Login", "Home") + "?locale=" + locale;
}
}Code:
<%=ESAPI.encoder().encodeForJavaScript(requestedURL)%>All this worked seamlessly with Pentaho 3.6 which was my previous version.
What am i doing wrong? Is this a bug? Is there somewhere an 'http' hardcoded?
Thanks in advance