IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0

[Feature] Allow to manually override host and base path with custom values #1438

Closed filipw closed 7 years ago

filipw commented 7 years ago

Issue / Steps to reproduce the problem

I host Identity Server behind a fairly complicated network setup and the Identity Server doesn't necessarily know reliably where it's running (especially since it's in a docker container - it thinks it's localhost root).

In order to get the discovery document to generate itself properly, I'd like to have the possibility to set my own custom host and base path. Ideally, it would be even correlated with the IssuerUri in IdentityServerOptions.

Workaround

Here is what I am doing at the moment:

ConfigureServices:

    // read the expected URI from config: for example https://filipw.io/services/external/identity
    _securityConfig = new SecurityConfiguration();
    Configuration.GetSection("Security").Bind(_securityConfig);

    // use the URI as Issuer
    services.AddIdentityServer(options =>
    {
        options.IssuerUri = _securityConfig.Issuer.ToString();
    });

Configure:

    // reset current Host and Path to match the configured Issuer URI
    app.Use((context, next) =>
    {
        context.Request.Scheme = _securityConfig.Issuer.Scheme;
        context.Request.PathBase = new PathString(_securityConfig.Issuer.PathAndQuery);
        context.Request.Host = new HostString(_securityConfig.Issuer.Host);
        return next();
    });

    app.UseIdentityServer();

This can be done as an external middleware, but it feels to me it would be nice to have this built-in.

TomCJones commented 7 years ago

This can also be handled by dynamic registration. That is not generally available. I created a library called TC.AUTHENTICATION to do that, which is part of this download: https://bitbucket.org/tomcjones/idesgrp

brockallen commented 7 years ago

Why not put a MW in front of IdSvr and change the Path in the request to be what you want?

leastprivilege commented 7 years ago

Agreed - but it is also quite common.

Filip had it separately - but asked if we want to include such a simple middleware, e.g.

    app.SetBasePath("https://login.mycompany.com");

lem0na commented 7 years ago

We use this solution and it works fine behind Incapsula WAF: http://amilspage.com/set-identityserver4-url-behind-loadbalancer/

leastprivilege commented 7 years ago

I still like the idea.

brockallen commented 7 years ago

IIRC we already sort of do that now. We'd just need to make the APIs public.

brockallen commented 7 years ago

Done in 2.0. You'd now do this:

    services.AddIdentityServer(options =>
    {
        options.PublicOrigin = "https://identityserver.io";
    });
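
The middleware workaround from the first post, packaged as a reusable extension that validates the configured URI once at startup, so the discovery document no longer depends on the incoming Host header. This is an added example, not code from the thread or from IdentityServer4; `UsePinnedPublicUri` and `PublicOriginExtensions` are hypothetical names, and the URI in the usage comment is the one quoted earlier in the thread.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class PublicOriginExtensions
{
    // Hypothetical helper (not an IdentityServer4 API): pins Scheme, Host and PathBase
    // to a configured public URI so generated URLs never depend on the incoming request.
    // Usage, before the IdentityServer middleware:
    //     app.UsePinnedPublicUri("https://login.mycompany.com");
    //     app.UseIdentityServer();
    public static IApplicationBuilder UsePinnedPublicUri(this IApplicationBuilder app, string publicUri)
    {
        // Validate once at startup, so a bad setting fails fast instead of at request time.
        if (!Uri.TryCreate(publicUri, UriKind.Absolute, out var uri))
            throw new ArgumentException("Public URI must be absolute.", nameof(publicUri));
        if (uri.Scheme != Uri.UriSchemeHttps && uri.Scheme != Uri.UriSchemeHttp)
            throw new ArgumentException("Public URI must use http or https.", nameof(publicUri));
        if (!string.IsNullOrEmpty(uri.Query) || !string.IsNullOrEmpty(uri.Fragment))
            throw new ArgumentException("Public URI must not carry a query or fragment.", nameof(publicUri));

        // Authority keeps a non-default port (Uri.Host alone would drop it).
        var host = new HostString(uri.Authority);
        // AbsolutePath excludes the query; PathBase must not end in '/', so "/" becomes empty.
        var pathBase = PathString.FromUriComponent(uri.AbsolutePath.TrimEnd('/'));

        return app.Use((context, next) =>
        {
            context.Request.Scheme = uri.Scheme;
            context.Request.Host = host;
            context.Request.PathBase = pathBase;
            return next();
        });
    }
}
```
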