Identityserver4 / oidc将登录名发送到错误的域名
[英]Identityserver4/oidc sends the login to the incorrect domain name
问题描述
I set up Identity Server 4 and my application on the same server both being run by IIS. 
我在由IIS运行的同一台服务器上设置了Identity Server 4和我的应用程序。
I then set up a proxy server to hide the applications using SSL-offloading. 然后,我设置了代理服务器以使用SSL卸载隐藏应用程序。
For some unkown reason, when I try and log into my application I'm sent to the wrong domain name. 由于某些未知原因,当我尝试登录到我的应用程序时,我被发送到错误的域名。 Example. 例。
I have https://IDS.com & https://myapplication.com 我有https://IDS.com和https://myapplication.com
When I open myapplication.com and try to access a page that requires authentication i'm supposed to be redirected to https://IDS.com/connect/authorize ... 当我打开myapplication.com并尝试访问需要身份验证的页面时,应该重定向到https://IDS.com/connect/authorize ...
instead it tries to send me to https://myapplication.com/connect/authorize ... which gives me a 404 error. 相反,它尝试将我发送到https://myapplication.com/connect/authorize ...,这给了我404错误。 However if I keep the url in the browser, and switch the domain name to IDS.com it works as expected. 但是,如果我将URL保留在浏览器中,然后将域名切换到IDS.com,则可以正常工作。
Is there a way to make ids request the correct domain name? 有没有办法让ID请求正确的域名?
I fiddled around with my iis rewrite rules a bit to see if i could goose it. 我摆弄了我的iis重写规则,看看是否可以放手。 I was semi successful in that I could redirect it to my identity server instead of my application for authorization. 我取得了半成功,因为我可以将其重定向到我的身份服务器,而不是我的授权申请。 However, the domain name remains the same and none of the CSS or javascript works. 但是,域名保持不变,并且CSS或javascript均无效。 So that work around is a no go. 所以解决方法是不行的。
` .AddOpenIdConnect(AuthorizationConsts.OidcAuthenticationScheme, options `.AddOpenIdConnect(AuthorizationConsts.OidcAuthenticationScheme,选项
=> { => {
options.SignInScheme = "Cookies";
options.Authority = "http://DNS:5000";//DNS for IDS
options.RequireHttpsMetadata = false;
options.ClientId = AuthorizationConsts.OidcClientId;
//https://IDS.com gives me 403 error so i'm using the DNS:{Port}
options.Scope.Clear();
options.Scope.Add(AuthorizationConsts.ScopeOpenId);
options.Scope.Add(AuthorizationConsts.ScopeProfile);
options.Scope.Add(AuthorizationConsts.ScopeEmail);
options.Scope.Add(AuthorizationConsts.ScopeRoles);
options.SaveTokens = true;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = JwtClaimTypes.Name,
RoleClaimType = JwtClaimTypes.Role,
};
options.Events = new OpenIdConnectEvents
{
OnMessageReceived = OnMessageReceived,
OnRedirectToIdentityProvider = OnRedirectToIdentityProvider
};
As stated the expected result is to change the domain name from https://myapplication.com => https://IDS.com so the site can properlly authenticate users and avoid http 404 如前所述,预期结果是从https://myapplication.com => https://IDS.com更改域名,以便该站点可以正确地对用户进行身份验证并避免使用http 404
1 个解决方案
解决方案1
0 2018-12-21 19:24:48
After a weeks of having all sorts of issues with getting IDS and my app to work together in production I finally figured it out. 在让IDS和我的应用程序在生产环境中协同工作遇到了各种各样的问题后,我终于想出了办法。 I don't believe this to be the ideal solution since I used URL rewrite, but it works. 我不相信这是理想的解决方案,因为我使用了URL重写,但是它可以工作。
On Proxy Server Open IIS Manager. 在代理服务器上,打开IIS管理器。 Select the site that is redirecting traffic. 选择要重定向流量的站点。 Select URL Rewrite. 选择URL重写。 Add a rule for inbound traffic and for the pattern put: (.*) Conditions add {URL} Matches Pattern : connect/authorize. 添加入站流量和放置的模式的规则:(。*)条件添加{URL}匹配模式:连接/授权。 then instead of using rewrite for the action select Redirect. 然后选择“重定向”,而不是对操作使用重写。 Put the domain name in which you want to connect to: https://ids.com/ {R:1} check Append query string. 将您要连接的域名放入: https : //ids.com/ {R:1}选中“追加查询字符串”。 Screen shots below. 屏幕截图如下。
I really hope this helps someone. 我真的希望这对某人有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.