Cms and channel manager do not work out-of-the-box when accessed over https

By Jeroen Hoffman

Hi,

We have the channel manager in place on our test environment which runs behind https. Both cms.war and site.war are deployed, config is OK, there is an Apache rule proxying test.cms.project.com/site to the site war.

Now, when opening a channel, we get "Unable to change to composermode. Please check if the site is online.". It seems this has to do with redirecting to the authentication part of the CMS under http instead of https.

Starting without cookies, in FireBug I get when clicking the channel name:

[1] https://test.cms.project.nl/site/_rp/cafebabe-cafe-babe-cafe-babecafebabe./composermode/www-test.cms.project.nl/?FORCE_CLIENT_HOST=true&_dc=1328101871545

This redirects to:

[2] https://test.cms.project.nl/auth?destinationUrl=http://test.cms.project.nl/site/_rp/cafebabe-cafe-babe-cafe-babecafebabe./composermode/www-test.cms.project.nl/?FORCE_CLIENT_HOST=true&_dc=1328101871545&key=672734F1128E66DF8553848049F834F7

Note destinationUrl=http
I searched in source code and found CmsSecurityValve where this URL is generated: it uses servletRequest.getScheme() neatly.

Now, when I open URL [2] in a separate tab I get

{"message":"Composer-Mode successful","data":true,"success":true}

and Subsequently, the channel does open in the channel manager. Apparantly a cookie has been set now.

We actually did adjust the Apache config to have /site also available under http, but we houldn't have to do that.

Why doesn't the auth work the first time? I suspect the first destinationUrl=http is wrong, any clue what is going on?