Usually I deploy my WSO2 Identity Server behind a load balancer / proxy.
With WSO2 IS 5.7, I change my catalina-server.xml, adding the proxyPort=443 attribute in the HTTPS Connector as follows:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
proxyPort="443"
bindOnInit="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
...
/>
I can see the effect of this change because all redirect URIs I receive from the Identity Server don't contain the 9443 port. Additionally, OIDC tokens issued by the IS contain the iss issuer with the value mydomain.com:443/oauth2/token, thus using the 443 port instead of 9443.
However, in WSO2 IS 5.10, where this option can be configured in the deployment.toml as follows:
[transport.https.properties]
proxyPort = 443
I can see its effect only on redirect URIs but not in the OIDC token, where the iss claim still has the 9443 port: mydomain.com:9443/oauth2/token.
It is not a critical issue for me, as I can configure my clients / service providers with this issuer value in advance, but I would like to know if in WSO2IS 5.10 it is a desired behavior or maybe a bug.
This happens when you start the server for the first time without setting the proxy port, because some of the values are persisted to the database and will not be changed later even if you change the hostname or proxy port.
For the issuer value, you can go to resident identity provider > inbound authn config > OAuth2/OpenID Connect config and update Identity Provider Entity ID with the new value.
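
A check for the situation described in the question and answer above, added here as an example (not code from the post or from WSO2): it decodes the iss claim of an ID token and compares it with the issuer value clients are configured for, flagging the case where only the port differs. The function names and the sample token are constructed for illustration, and the payload is decoded without signature verification, so this is a diagnostic, not token validation.

```python
import base64
import json
from urllib.parse import urlsplit


def make_sample_token(claims):
    """Build a constructed, JWT-shaped string with a placeholder signature."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256"}), seg(claims), "constructed-sig"])


def jwt_claims(token):
    """Decode the payload of a compact JWT without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _split(issuer):
    # The issuer values quoted in the question have no scheme; prefix "//"
    # so urlsplit still separates host, port and path.
    u = urlsplit(issuer if "://" in issuer else "//" + issuer)
    return u.hostname, u.port, u.path


def check_issuer(token, expected_iss):
    """Return 'match', 'port-mismatch', 'mismatch' or 'missing'."""
    iss = jwt_claims(token).get("iss")
    if iss is None:
        return "missing"
    if iss == expected_iss:  # clients compare the issuer as an exact string
        return "match"
    host, port, path = _split(iss)
    e_host, e_port, e_path = _split(expected_iss)
    if (host, path) == (e_host, e_path) and port != e_port:
        return "port-mismatch"  # e.g. a persisted backend port such as 9443
    return "mismatch"


if __name__ == "__main__":
    token = make_sample_token({"iss": "mydomain.com:9443/oauth2/token", "sub": "alice"})
    print(check_issuer(token, "mydomain.com:443/oauth2/token"))
```

Running it against a token fetched after updating the Identity Provider Entity ID shows whether newly issued tokens carry the value the clients expect.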