1

I've setup FusionAuth behind an IIS reverse proxy, and everything is working well except the host of the redirect_uri is stripped.

For example:

http://fa.ias.com/oauth2/authorize?client_id=2e75f7a0-5db9-488e-80a1-ca6c421dd31e&response_type=code&redirect_uri=http%3a%2f%2flocalhost%3a8092%2fLogin2

then tries to redirect to /Login2 (stripping out http://localhost...) so it's trying to redirect on the same host, being the fusion auth one, which of course gives a 404.

If i use http://localhost:9011/oauth2/authorize?client_id=2e75f7a0-5db9-488e-80a1-ca6c421dd31e&response_type=code&redirect_uri=http%3a%2f%2flocalhost%3a8092%2fLogin2

which doesn't go thru IIS then all is good.

IIS using the standard Reverse Proxy redirect which uses ARR, as I said everything else appears to work fine. It's OK on the standard FusionAuth application, as that redirects to /login out of the box without a host.

Tearing my hair out, hoping it's an easy fix. Spent ages setting FusionAuth up, love it, and I'm falling at the last hurdle.

davemac
  • 21
  • 2
  • Does a similar parameter get filtered out if you proxy a different web application (say a simple python script that echoes back parameters like https://gist.github.com/huyng/814831 )? That would identify if the issue is with IIS or some interaction between FusionAuth and IIS. Can you post your IIS proxy config as well? I wonder if there's some rule in the ARR config which is causing the issue. – mooreds Apr 30 '20 at 18:43

0 Answers0