WsFederationController does not honor IdentityServerOptions.PublicOrigin when calculating ReturnURL #27
Comments
|
Thanks! You are right. |
|
Feel free to send a PR |
|
Made some changes and managed to have a local version working as expected. Will submit a pull request in a few days when I get some time. -S |
|
got some time already? |
|
Hi Dominick, Things are less hectic. I will submit the fix tomorrow. -S From: Dominick Baier [mailto:notifications@github.com] got some time already? — |
This PR is copied from IdentityServer#34 All cred goes to santiagovm
|
merged on dev |
When Identity Server is deployed behind a load balancer with SSL termination at the load balancer, one can use the IdentityServerOptions.PublicOrigin to control the URLs that are generated by Identity Server and make sure they look like the load balancer's endpoint.
Say the load balancer endpoint is https://my-public-id-srv and the nodes listen on http://node1:8080 and http://node2:8080. Notice that load balancer requires SSL while the nodes do not.
For this setup one sets a couple of properties in the IdentityServerOptions object:
IdentityServerOptions.PublicOrigin = "https://my-public-id-srv"
IdentityServerOptions.RequireSsl = False
There is an issue with the WSFederationController. In this setup, the Controller is generating a return URL with http instead of https.
Rather than getting the RequestUri like this:
string requestUri = Request.RequestUri.AbsoluteUri
Something like this should be used to honor the PublicOrigin property:
string identityServerHost = Request.GetOwinContext().Environment.GetIdentityServerHost();
string pathAndQuery = Request.RequestUri.PathAndQuery;
string requestUri = identityServerHost + pathAndQuery;
Regards,
-Santiago
PS: Yesterday opened a similar issue in the Google+ provider. (TerribleDev/OwinOAuthProviders#57)
The text was updated successfully, but these errors were encountered: