
That's my scenario.

Identity: https://mydomain.subdomain.com.br/homol/identity

When I access the endpoint https://mydomain.subdomain.com.br/homol/identity/.well-known/openid-configuration, this is my response:

{
   "issuer":"http://mydomain.subdomain.com.br/",
   "jwks_uri":"http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks",
   "authorization_endpoint":"http://mydomain.subdomain.com.br/connect/authorize",
   "token_endpoint":"http://mydomain.subdomain.com.br/connect/token",
   "userinfo_endpoint":"http://mydomain.subdomain.com.br/connect/userinfo",
   "end_session_endpoint":"http://mydomain.subdomain.com.br/connect/endsession",
   "check_session_iframe":"http://mydomain.subdomain.com.br/connect/checksession",
   "revocation_endpoint":"http://mydomain.subdomain.com.br/connect/revocation",
   "introspection_endpoint":"http://mydomain.subdomain.com.br/connect/introspect",
   "device_authorization_endpoint":"http://mydomain.subdomain.com.br/connect/deviceauthorization",
   "frontchannel_logout_supported":true,
   "frontchannel_logout_session_supported":true,
   "backchannel_logout_supported":true,
   "backchannel_logout_session_supported":true,
   "scopes_supported":[
      "openid",
      "email",
      "profile"
   ],
   "claims_supported":[
      "sub",
      "email_verified",
      "email",
      "updated_at",
      "locale",
      "zoneinfo",
      "birthdate",
      "website",
      "picture",
      "profile",
      "preferred_username",
      "nickname",
      "middle_name",
      "given_name",
      "family_name",
      "name",
      "gender"
   ],
   "grant_types_supported":[
      "authorization_code",
      "client_credentials",
      "refresh_token",
      "implicit",
      "password",
      "urn:ietf:params:oauth:grant-type:device_code"
   ],
   "response_types_supported":[
      "code",
      "token",
      "id_token",
      "id_token token",
      "code id_token",
      "code token",
      "code id_token token"
   ],
   "response_modes_supported":[
      "form_post",
      "query",
      "fragment"
   ],
   "token_endpoint_auth_methods_supported":[
      "client_secret_basic",
      "client_secret_post"
   ],
   "subject_types_supported":[
      "public"
   ],
   "id_token_signing_alg_values_supported":[
      "RS256"
   ],
   "code_challenge_methods_supported":[
      "plain",
      "S256"
   ],
   "request_parameter_supported":true
}

Two questions:

1 - Why was the subdomain removed?

2 - When the user accesses the SPA application and the oidc client redirects him (using the signinRedirect method) to Login, the endpoint was not found, because the subdomain was removed again.

Thanks.

1 Answer

By default, in IdentityServer the origin is inferred from the request. You can read more about IdentityServer options here - http://docs.identityserver.io/en/3.1.0/reference/options.html
You can configure IdentityServer to use your custom origin:

services.AddIdentityServer(options =>
{
    // Origin (scheme, host and path prefix) to use in the discovery document
    // and in generated URLs instead of the one inferred from the request.
    options.PublicOrigin = "https://mydomain.subdomain.com.br/homol/identity";
})
  • Thank you @firdaus-kamaruddin. It works partially: the address is correct, but my complete flow is not working. I try to access an SPA client, then I'm redirected to the login page (this was broken, but after setting PublicOrigin it is working); after the user enters their information, they should be redirected to the SPA again, but there's an error, because the authorization endpoint is without the subdomain **homol/identity** – Alexandre Bueno Mar 18 '20 at 16:44
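As an added example (not code from the question or the answer), a Node.js check of the kind a strict OIDC client performs on the discovery document: it derives the expected issuer from the discovery URL, compares the returned issuer component by component (scheme, host, path prefix), and confirms every endpoint is rooted under that issuer. Run against a constructed, trimmed copy of the response above it reports the https-to-http downgrade and the missing /homol/identity prefix, which is why the signin redirect cannot resolve; once PublicOrigin is set correctly the same check should return an empty list.

```javascript
// Added example (not from the question or answer): validate an OIDC discovery
// document against the URL it was fetched from, as a strict client would, so a
// reverse proxy that drops the path prefix or https scheme is caught early.
const WELL_KNOWN = '/.well-known/openid-configuration';
// Endpoints that must be rooted under the issuer for the login redirects to resolve.
const ENDPOINT_KEYS = ['jwks_uri', 'authorization_endpoint', 'token_endpoint',
  'userinfo_endpoint', 'end_session_endpoint'];
const stripSlash = (s) => s.replace(/\/+$/, '');

// Per OIDC Discovery, the issuer is the discovery URL minus the well-known suffix.
function expectedIssuer(discoveryUrl) {
  if (!discoveryUrl.endsWith(WELL_KNOWN)) throw new Error('not a discovery URL');
  return stripSlash(discoveryUrl.slice(0, -WELL_KNOWN.length));
}

// Report which components of a URL differ from the expected one: scheme, host, path.
function diffUrl(expected, actual) {
  const e = new URL(expected), a = new URL(actual), diffs = [];
  if (e.protocol !== a.protocol) diffs.push(`scheme ${a.protocol} should be ${e.protocol}`);
  if (e.host !== a.host) diffs.push(`host ${a.host} should be ${e.host}`);
  if (stripSlash(e.pathname) !== stripSlash(a.pathname)) {
    diffs.push(`path "${stripSlash(a.pathname)}" should be "${e.pathname}"`);
  }
  return diffs;
}

// Returns a list of problems; an empty list means the document is consistent.
function validateDiscovery(discoveryUrl, doc) {
  const expected = expectedIssuer(discoveryUrl), problems = [];
  if (typeof doc.issuer !== 'string') return ['issuer missing'];
  if (stripSlash(doc.issuer) !== expected) {
    problems.push(`issuer mismatch: ${diffUrl(expected, doc.issuer).join('; ')}`);
  }
  for (const key of ENDPOINT_KEYS) {
    const value = doc[key];
    if (typeof value !== 'string') problems.push(`${key} missing`);
    else if (!value.startsWith(expected + '/')) problems.push(`${key} not under issuer`);
  }
  return problems;
}

// Constructed sample: the question's discovery URL and a trimmed copy of its broken response.
const DISCOVERY_URL = 'https://mydomain.subdomain.com.br/homol/identity' + WELL_KNOWN;
const BROKEN_DOC = {
  issuer: 'http://mydomain.subdomain.com.br/',
  jwks_uri: 'http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks',
  authorization_endpoint: 'http://mydomain.subdomain.com.br/connect/authorize',
  token_endpoint: 'http://mydomain.subdomain.com.br/connect/token',
  userinfo_endpoint: 'http://mydomain.subdomain.com.br/connect/userinfo',
  end_session_endpoint: 'http://mydomain.subdomain.com.br/connect/endsession',
};
```

Calling `validateDiscovery(DISCOVERY_URL, BROKEN_DOC)` lists the issuer mismatch first, followed by one entry per endpoint that is not under the expected issuer.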