From 678918399e47283ebe4c04bfaf205ff7ec5616b5 Mon Sep 17 00:00:00 2001
From: Marcel Horner
Date: Tue, 4 Nov 2025 10:16:49 -0600
Subject: [PATCH 1/4] Adding SOCIAL_AUTH_REDIRECT_IS_HTTPS, to enable use of HTTPS protocol when redirecting after login.

---
 dojo/settings/settings.dist.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 97fdd706ea4..218afa2cdc3 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -115,6 +115,7 @@
 DD_SOCIAL_AUTH_CREATE_USER=(bool, True), # if True creates user at first login
 DD_SOCIAL_AUTH_CREATE_USER_MAPPING=(str, "username"), # could also be email or fullname
 DD_SOCIAL_LOGIN_AUTO_REDIRECT=(bool, False), # auto-redirect if there is only one social login method
+ DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS=(bool, False), # If true, the redirect after login will use the HTTPS protocol
 DD_SOCIAL_AUTH_TRAILING_SLASH=(bool, True),
 DD_SOCIAL_AUTH_OIDC_AUTH_ENABLED=(bool, False),
 DD_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=(str, ""),
@@ -576,6 +577,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.)
 SHOW_LOGIN_FORM = env("DD_SOCIAL_AUTH_SHOW_LOGIN_FORM")
 SOCIAL_LOGIN_AUTO_REDIRECT = env("DD_SOCIAL_LOGIN_AUTO_REDIRECT")
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS")
 SOCIAL_AUTH_CREATE_USER = env("DD_SOCIAL_AUTH_CREATE_USER")
 SOCIAL_AUTH_CREATE_USER_MAPPING = env("DD_SOCIAL_AUTH_CREATE_USER_MAPPING")

From 4295a230783cca333164b1d999b93ba6e80baf62 Mon Sep 17 00:00:00 2001
From: Marcel Horner
Date: Tue, 4 Nov 2025 15:56:42 -0600
Subject: [PATCH 2/4] Adding description about how to setup SOCIAL_AUTH_REDIRECT_IS_HTTPS when using helm to docs (docs/content/en/customize_dojo/user_management/configure_sso.md).

---
 docs/content/en/customize_dojo/user_management/configure_sso.md | 2 ++
 1 file changed, 2 insertions(+)
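Review bot: The inline comment on the added `DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS` entry in the first hunk does not say which URL it affects or when it is needed, and its `# If true` casing differs from the neighbouring `# if True`. Suggest `# if True, the redirect_uri social-auth sends to the identity provider uses https:// even when the request reached Django over http (TLS terminated at a reverse proxy)`. The SSO doc hunk later in this series describes the symptom of leaving it False behind a TLS-terminating proxy as an IdP redirect_uri mismatch; where a provider accepted the http:// value instead, the authorization code would come back over plaintext, so the settings comment or the doc is a good place to say it should be enabled whenever TLS terminates in front of the app. The second hunk follows the existing `SOCIAL_*` assignment pattern and needs nothing more; `generate_url`, named in its header, lies outside the hunk.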
diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md
index b66fa08dbf7..39d671267bf 100644
--- a/docs/content/en/customize_dojo/user_management/configure_sso.md
+++ b/docs/content/en/customize_dojo/user_management/configure_sso.md
@@ -512,6 +512,8 @@ in the client app settings.* and the `redirect_uri` HTTP
 GET parameter starts with `http://` instead of `https://` you need to add
 `SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file.
+You can also setup SOCIAL_AUTH_REDIRECT_IS_HTTPS by adding the DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS var to extraConfigs
+section of your Helm yaml file, when deploying with Helm.
 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen.

From db1fb1ea67a290b6cc0c1a629c7a6ca856e008e2 Mon Sep 17 00:00:00 2001
From: Marcel Horner
Date: Tue, 4 Nov 2025 16:03:07 -0600
Subject: [PATCH 3/4] Adding description about how to setup SOCIAL_AUTH_REDIRECT_IS_HTTPS when using helm to docs (docs/content/en/customize_dojo/user_management/configure_sso.md).

---
 docs/content/en/customize_dojo/user_management/configure_sso.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md
index 39d671267bf..85274142467 100644
--- a/docs/content/en/customize_dojo/user_management/configure_sso.md
+++ b/docs/content/en/customize_dojo/user_management/configure_sso.md
@@ -513,7 +513,7 @@ GET parameter starts with `http://` instead of `https://` you need to add
 `SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file.
 You can also setup SOCIAL_AUTH_REDIRECT_IS_HTTPS by adding the DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS var to extraConfigs
-section of your Helm yaml file, when deploying with Helm.
+section of your Helm value yaml file, when deploying with Helm.
 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen.

From e50c2756582b7e476f049f496c288b7afbca43c4 Mon Sep 17 00:00:00 2001
From: valentijnscholten
Date: Wed, 5 Nov 2025 21:25:42 +0100
Subject: [PATCH 4/4] Apply suggestion from @valentijnscholten

---
 .../en/customize_dojo/user_management/configure_sso.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md
index 85274142467..da6c9ca5f33 100644
--- a/docs/content/en/customize_dojo/user_management/configure_sso.md
+++ b/docs/content/en/customize_dojo/user_management/configure_sso.md
@@ -511,9 +511,7 @@ If during the login process you get the following error: *The
 in the client app settings.* and the `redirect_uri` HTTP
 GET parameter starts with `http://` instead of `https://` you need to add
-`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file.
-You can also setup SOCIAL_AUTH_REDIRECT_IS_HTTPS by adding the DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS var to extraConfigs
-section of your Helm value yaml file, when deploying with Helm.
+`DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker Compose environment variables, or `SOCIAL_AUTH_REDIRECT_IS_HTTPS` to your `local_settings.py` file.
 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen.