End-users using the Chrome browser may see the following in their browsers when they are
The information you're about to submit is not secure.
You will notice that the goto parameter in the login URL uses the http protocol.
End-users have upgraded to Chrome 88.
Chrome 88 introduces warnings on forms that directly submit to http:// or that redirect to http:// with the form data preserved through the redirect. See Issue 1158169: Form is not Secure issue on new version for Chrome for further information.
This issue can be resolved as follows:
- Review your load balancer or proxy settings to ensure all communications are using https and requests are routed entirely on https. The comments in Issue 1158169: Form is not Secure issue on new version for Chrome discuss various load balancer and proxy settings that may be helpful to review in conjunction with your settings. Configuring your load balancer or proxy is outside the scope of ForgeRock support; if you want more tailored advice, consider engaging Deployment Support Services.
- For Agent initiated login flows: ensure you have configured your Agent for SSL Offloading:
- For SAML2 initiated login flows: review your federation settings to ensure all URLs use https.
- Configure the Base URL Source appropriately for your authentication flows. Setting it to the Fixed value option and specifying the base URL is helpful to ensure that any requests that come into AM are redirected to a specific host and protocol, but other options, such as Host/protocol from incoming request, may be more suitable depending on your setup.
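To confirm the symptom before the change and verify it afterwards, the following added example (not ForgeRock code) checks captured login URLs for a goto parameter that still resolves to http. The hostnames, paths and sample URLs are constructed, and handling of a goto carried in the URL fragment or encoded twice is an assumption about how a deployment might present it.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample login URLs (hypothetical hosts), e.g. copied from the
# browser address bar or a proxy access log.
SAMPLE_URLS = [
    "https://am.example.com/openam/XUI/?realm=/&goto=http%3A%2F%2Fapp.example.com%3A80%2Fportal",
    "https://am.example.com/openam/XUI/?realm=/&goto=https%3A%2F%2Fapp.example.com%2Fportal",
    # Assumption: goto carried in the fragment and percent-encoded twice.
    "https://am.example.com/openam/XUI/#login/&goto=http%253A%252F%252Fapp.example.com%252F",
]


def redirect_targets(login_url, param="goto"):
    """Return every value of `param` found in the query string or the fragment."""
    parts = urlsplit(login_url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # A fragment such as "login/&goto=..." parses the same way; the leading
    # "login/" token simply becomes a key with an empty value.
    pairs += parse_qsl(parts.fragment, keep_blank_values=True)
    return [value for key, value in pairs if key == param]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, stopping once the value is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_login_url(login_url, param="goto"):
    """List (param, target) pairs whose decoded target uses plain http."""
    findings = []
    for raw in redirect_targets(login_url, param):
        target = fully_decode(raw)
        # Relative targets have no scheme and are not flagged.
        if urlsplit(target).scheme.lower() == "http":
            findings.append((param, target))
    return findings


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        status = check_login_url(url) or "ok"
        print(f"{status}  <-  {url}")
```

Any URL reported here would still trigger the Chrome 88 warning described above; an empty result for all flows indicates the proxy, agent and Base URL Source settings are producing https redirects.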
Configure the Base URL Source Service
You may need to add the Base URL Source service if it is not listed under Services by clicking Add a Service or Add and then selecting Base URL Source. If you are using ssoadm, you can replace set-realm-svc-attrs in the ssoadm command with add-svc-realm to add this service and set the attributes with the same command.
The Base URL Source Service applies to all XUI pages and the OpenID Base URL. You can set the Base URL Source Service using either the console, Amster or ssoadm:
- Console: navigate to: Realms > [Realm Name] > Services > Base URL Source, select the Base URL Source and complete any other fields as needed.
- Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
  - Entity: BaseUrlSource
  - Property: source and any other properties as needed (extensionClassName or fixedValue).
- ssoadm: enter the following command:
    $ ./ssoadm set-realm-svc-attrs -s amRealmBaseURL -e [realmname] -u [adminID] -f [passwordfile] -a base-url-source=[source]
  replacing [realmname], [adminID], [passwordfile] and [source] with appropriate values, and adding any other properties as needed.
See Security Guide › Configuring the Base URL Source Service for further information.
| Option | source or base-url-source value | Other attributes: Amster | Other attributes: ssoadm |
| --- | --- | --- | --- |
| Extension class | EXTENSION_CLASS | Extension class name field: extensionClassName attribute. | Extension class name field: base-url-extension-class attribute. |
| Fixed value | FIXED_VALUE | Fixed value base URL field: fixedValue attribute. | Fixed value base URL field: base-url-fixed-value attribute. |
| Host/protocol from incoming request | REQUEST_VALUES | | |