The information you're about to submit is not secure warning in Chrome when end-users attempt to authenticate to AM (All versions)
The purpose of this article is to provide assistance if end-users see "The information you're about to submit is not secure" warnings in the Chrome™ browser when they are trying to authenticate to AM.
Symptoms
End-users using the Chrome browser may see the following in their browsers when they are
The information you're about to submit is not secure.
You will notice that the goto parameter in the login URL uses the http protocol.
Recent Changes
End-users have upgraded to Chrome 88.
Causes
Chrome 88 introduces warnings on forms that directly submit to http:// or that redirect to http:// with the form data preserved through the redirect. See Issue 1158169: Form is not Secure issue on new version for Chrome for further information.
Solution
This issue can be resolved as follows:
- Review your load balancer or proxy settings to ensure all communications are using https and requests are routed entirely on https. The comments in Issue 1158169: Form is not Secure issue on new version for Chrome discuss various load balancer and proxy settings that may be helpful to review in conjunction with your settings. Configuring your load balancer or proxy is outside the scope of ForgeRock support; if you want more tailored advice, consider engaging Deployment Support Services.
- For Agent initiated login flows: ensure you have configured your Agent for SSL Offloading:
- For SAML2 initiated login flows: review your federation settings to ensure all URLs use https.
- Configure the Base URL Source appropriately for your authentication flows. Setting it to the Fixed value option and specifying the base URL is helpful to ensure that any requests that come into AM are redirected to a specific host and protocol, but other options, such as Host/protocol from incoming request, may be more suitable depending on your setup.
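The following is an added example, not ForgeRock code: a Python check that flags login URLs (for instance, copied from proxy or access logs) whose goto parameter, or whose own scheme, is plain http, which is the condition that triggers the Chrome warning. The hostnames and sample URLs are constructed, and the handling of parameters placed after the # fragment and of double-encoded values is an assumption about what a proxy chain might produce.

```python
from urllib.parse import urlsplit, parse_qs, unquote


def _decode(value, rounds=3):
    """Undo nested percent-encoding (a proxy may re-encode goto)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def http_targets(login_url, params=("goto",)):
    """Return (location, url) pairs in a login URL that use plain http."""
    parts = urlsplit(login_url)
    found = []
    if parts.scheme.lower() == "http":
        found.append(("login-url", login_url))
    # Assumption: parameters may sit in the query string or after the
    # fragment (".../XUI/#login/&goto=..."), so both are parsed.
    for source in (parts.query, parts.fragment.replace("?", "&")):
        for name, values in parse_qs(source).items():
            if name not in params:
                continue
            for value in values:
                target = _decode(value)
                if urlsplit(target).scheme.lower() == "http":
                    found.append((name, target))
    return found


# Constructed sample login URLs (hostnames are placeholders).
SAMPLES = [
    "https://am.example.com/am/XUI/?realm=/&goto=http%3A%2F%2Fapp.example.com%2Fhome#login",
    "https://am.example.com/am/XUI/?realm=/&goto=https%3A%2F%2Fapp.example.com%2Fhome#login",
    "https://am.example.com/am/XUI/#login/&goto=http%253A%252F%252Fapp.example.com%252Fhome",
    "http://am.example.com/am/XUI/?realm=/#login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = http_targets(url)
        print("WARN" if hits else "ok  ", url)
        for where, target in hits:
            print("     ", where, "->", target)
```

An empty result for every login URL observed after changing the load balancer, Agent, federation or Base URL Source settings indicates the goto target is no longer being built with http.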
Configure the Base URL Source Service
Note
You may need to add the Base URL Source service if it is not listed under Services by clicking Add a Service or Add and then selecting Base URL Source. If you are using ssoadm, you can replace set-realm-svc-attrs in the ssoadm command with add-svc-realm to add this service and set the attributes with the same command.
The Base URL Source Service applies to all XUI pages and the OpenID Base URL. You can set the Base URL Source Service using either the console, Amster or ssoadm:
- Console: navigate to: Realms > [Realm Name] > Services > Base URL Source, select the Base URL Source and complete any other fields as needed.
- Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
  - Entity: BaseUrlSource
  - Property: source and any other properties as needed (extensionClassName or fixedValue).
- ssoadm: enter the following command:
  $ ./ssoadm set-realm-svc-attrs -s amRealmBaseURL -e [realmname] -u [adminID] -f [passwordfile] -a base-url-source=[source]
  replacing [realmname], [adminID], [passwordfile] and [source] with appropriate values, and adding any other properties as needed.
See Security Guide › Configuring the Base URL Source Service for further information.
The following
Option | source or base-url-source value | Other attributes: Amster | Other attributes: ssoadm |
---|---|---|---|
Extension class | EXTENSION_CLASS | Extension class name field: extensionClassName attribute. | Extension class name field: base-url-extension-class attribute. |
Fixed value | FIXED_VALUE | Fixed value base URL field: fixedValue attribute. | Fixed value base URL field: base-url-fixed-value attribute. |
Forwarded header | FORWARDED_HEADER | | |
Host/protocol from incoming request | REQUEST_VALUES | | |
X-Forwarded-* headers | X_FORWARDED_HEADERS | | |