Open tonny1983 opened 4 years ago
Seems like URL rewriting is not taking effect at the LB level.
Could you please double-check whether you have the following configuration at the Nginx level?
location /authenticationendpoint/ {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_read_timeout 5m;
    proxy_send_timeout 5m;
    proxy_pass https://ssl.nginx.com/authenticationendpoint/;
    proxy_redirect https://z.z.z.z:9443/authenticationendpoint/ https://nginx.mycomp.org/authenticationendpoint/;
    proxy_redirect https://server x.x.x.x:9yyy/authenticationendpoint https://nginx.mycomp.org/authenticationendpoint;
}
This is listed in [1], under step 2 of the section "Nginx configuration with exposing /oauth2, /commonauth, and other endpoints". (You have to click and expand that section to get the details.)
I can confirm the same configuration is in nginx, like:
location /authenticationendpoint/ {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_read_timeout 5m;
    proxy_send_timeout 5m;
    proxy_pass https://127.0.0.1:9443/authenticationendpoint/;
    proxy_redirect https://127.0.0.1:9443/authenticationendpoint/ https://<mydomain>/authenticationendpoint/;
    proxy_redirect https://127.0.0.1:9443/authenticationendpoint https://<mydomain>/authenticationendpoint;
}
Furthermore, I'm afraid the mentioned document is for a load-balancing case; however, I just run the identity server standalone behind a proxy.
Environment
Background
The identity server is running on all its default ports, and there is an nginx proxy redirecting incoming https (443) requests to 9443. The nginx has got a certificate and a domain name (<mydomain>). A service provider is configured, which has got OAuth/OpenID Connect for Inbound Authentication. All the server's configuration has been done according to the document.
Question
When an application tries to access
https://<mydomain>/oauth2/authorize?response_type=code&client_id=xxxxxx.....
the URL redirects to
https://127.0.0.1/authenticationendpoint/login.do?client_id=xxxxxxx......
However, the correct one should be
https://<mydomain>/authenticationendpoint/login.do?client_id=xxxxxxx......
Issue
There is a discussion about the question on Stack Overflow which means that the protocol, domain name and port must be added to the value of AuthenticationEndpointURL in identity/application-authentication.xml. The solution is not shown in the document; is it the right one?
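
An added example, not part of the original issue or of the project's documentation: a simplified Python model of nginx's plain-string `proxy_redirect` prefix matching, for checking whether a backend `Location` value is covered by the rules quoted in this thread and whether an internal address would reach the client. `mydomain.example`, the `client_id` value and all function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# proxy_redirect pairs copied from the nginx block in this thread;
# "mydomain.example" is a constructed stand-in for <mydomain>.
RULES = [
    ("https://127.0.0.1:9443/authenticationendpoint/",
     "https://mydomain.example/authenticationendpoint/"),
    ("https://127.0.0.1:9443/authenticationendpoint",
     "https://mydomain.example/authenticationendpoint"),
]


def rewrite_location(location, rules):
    """Simplified model of plain-string proxy_redirect: the first rule whose
    'redirect' text is a prefix of the Location value replaces that prefix."""
    for prefix, replacement in rules:
        if location.startswith(prefix):
            return replacement + location[len(prefix):], True
    return location, False  # no rule matched: header passes through unchanged


def is_internal(url):
    """True when the URL's host is a loopback or private IP literal."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal; not judged here
    return ip.is_loopback or ip.is_private


def check(location, rules=RULES):
    """Report what the client would receive for a given backend Location."""
    final, matched = rewrite_location(location, rules)
    return {"sent_to_client": final,
            "rule_matched": matched,
            "leaks_internal": is_internal(final)}


if __name__ == "__main__":
    # Constructed samples: the first has the shape of the redirect reported in
    # the issue (no :9443), the second has the shape the rules are written for.
    for loc in ("https://127.0.0.1/authenticationendpoint/login.do?client_id=EXAMPLE",
                "https://127.0.0.1:9443/authenticationendpoint/login.do?client_id=EXAMPLE"):
        print(loc, "->", check(loc))
```

The first sample carries no `:9443`, so neither prefix matches and the loopback address is passed to the client unchanged; the second is rewritten to the public host.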