Authentication redirects to plain HTTP signin-oidc callback #1299
Comments
I had a similar problem (docker and reverse proxy) and fixed it with the following code in startup before
    app.Use(async (context, next) =>
    {
        context.Request.Scheme = "https";
        await next.Invoke();
    });
IdentityServer passes back the protocol it received. Sounds like your app is running http with a reverse proxy terminating SSL and then forwarding http. Therefore, it is issuing the callback-redirect-url using http. You should map an X-FORWARDED-PROTO to the request protocol. Kestrel's .useIISIntegration() should do that, if that applies. Otherwise, in your Startup.cs, configure:
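One way to do the X-Forwarded-Proto mapping described in the comment above, as an added example that is not code from this thread or from the IdentityServer project. It uses ASP.NET Core's forwarded-headers middleware and accepts the header only from a single known proxy; the proxy address `172.18.0.2` is a placeholder assumption for the reverse proxy container.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Rewrite Request.Scheme and the remote IP from the proxy's headers.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // By default only loopback is trusted. A proxy in another container
            // is not loopback, so its headers are ignored until it is listed here.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Parse("172.18.0.2")); // assumed proxy address

            // Process a single proxy hop; entries a client prepends to the
            // header are never consulted.
            options.ForwardLimit = 1;
        });

        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication so the OpenID Connect handler builds
        // the signin-oidc redirect URI from the forwarded (https) scheme.
        app.UseForwardedHeaders();
        app.UseAuthentication();

        // Diagnostic endpoint: shows the scheme the application now sees.
        app.Run(context =>
            context.Response.WriteAsync($"scheme: {context.Request.Scheme}"));
    }
}
```

Unlike unconditionally setting `context.Request.Scheme`, this leaves the scheme as `http` for any request that does not arrive through the listed proxy.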
Yep - that's how ASP.NET Core works.
Thank you guys for the assist - I managed to get it working with the above snippets, and learned something about how ASP.NET Core works.
Hi, I'm using ASP.Net Core 2.1 and IdentityServer4 and having the same issue after the login is authorized. The callback page http://test.ems.net/signin-oidc returns an empty page with error 404.
Request header:
Response Header:
FireFox error message:
My log text:
    2018-10-04 08:46:43.22 : Debug => 0 - Augmenting SignInContext - *
    2018-10-04 08:46:43.22 : Information => 10 - AuthenticationScheme: idsrv signed in. - *
    2018-10-04 08:46:43.22 : Information => 2 - Request finished in 8.1483ms 200 text/html; charset=UTF-8 - *
    2018-10-04 08:46:43.586 : Information => 1 - Request starting HTTP/1.1 POST http://test.ems.net/signin-oidc application/x-www-form-urlencoded 1612 - *
    2018-10-04 08:46:43.586 : Information => 2 - Request finished in 0.5654ms 404 - *
    2018-10-04 08:46:43.586 : Information => 32 - Connection id "0HLH9UN00CBF8", Request id "0HLH9UN00CBF8:00000002": the application completed without reading the entire request body. - *
The same application, IdentityServer and Clients work perfectly in my LocalHost; after publishing to Windows Server 2012 R2 and IIS 8.5, the issue happens after the login. Please help. Regards.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I am currently running a setup where I am hosting my IdentityServer application on Azure, and the rest of my infrastructure on Docker. HTTPS is provided through a reverse proxy.
When I land on my application via HTTPS, it correctly redirects to identity server over HTTP. The user then provides their credentials, after which IdentityServer redirects it back to my application over plain HTTP.
I'm currently not exposing my application over plain HTTP, and if at all possible, prefer not to expose it over HTTP at all.
My question is, why does IdentityServer use plain HTTP for the callback, and is it possible to change this behaviour through an option I'm missing?
I've tried only providing an HTTPS address for the callback, but that results in an error unfortunately.
Thanks for your time!