There is a Duende identity server (IS) running on a VM, behind an Nginx server. Nginx listens on port 443 and redirects the requests to IS running at 8080. When https://example.com/.well-known/openid-configuration is visited, the issuer in the configuration is shown as "issuer":"https://127.0.0.1:8080" because this is the address Nginx passes the requests to. However, it needs to be "issuer":"https://example.com" because this is the configured OIDC Authority in the client.

How can this be achieved?

M. Azyoksul

1 Answer

You can set it via the IssuerUri property on the IdentityServerOptions manually if really needed.

https://docs.duendesoftware.com/identityserver/v6/reference/options/

As noted there, you should not (need to) do so. By default the issuer gets detected dynamically. A starting point for looking into this might be this class.

https://github.com/DuendeSoftware/IdentityServer/blob/main/src/IdentityServer/Services/Default/DefaultServerUrls.cs

IIRC it should respect X-Forwarded-For (XFF) and X-Forwarded-Host (XFH) headers during this detection. That said, if your proxy server properly forwards this header to the downstream IS, it should just work ™️.

Some documentation around this is available as well.

https://docs.duendesoftware.com/identityserver/v6/deployment/proxies/

In the end this is more about ASP.NET in general than Duende IS in particular I'd say.

devployment
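
A sketch of the forwarded-headers setup the answer points to, added here as an example (not code from the answer or from Duende): the ASP.NET Core Forwarded Headers Middleware restores the public scheme and host before IdentityServer derives the issuer. It assumes Nginx runs on the same VM and sends the headers shown in the leading comment; the in-memory stores and the commented-out proxy address are constructed placeholders.

```csharp
// Program.cs (ASP.NET Core 6+ minimal hosting)
// Assumed Nginx location block in front of this app:
//   proxy_pass         http://127.0.0.1:8080;
//   proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
//   proxy_set_header   X-Forwarded-Proto $scheme;
//   proxy_set_header   X-Forwarded-Host  $host;
using System.Net;
using Duende.IdentityServer.Models;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Proto and Host rewrite Request.Scheme and Request.Host, which is what
    // dynamic issuer detection reads; For restores the real client IP.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // By default only loopback proxies are trusted, which fits Nginx on the
    // same VM. A proxy on another machine has to be listed explicitly:
    // options.KnownProxies.Add(IPAddress.Parse("10.0.0.5")); // constructed address

    // Accept only the public name from X-Forwarded-Host, so an unexpected
    // value never reaches the discovery document or token "iss" claims.
    options.AllowedHosts.Add("example.com");

    // Exactly one proxy hop sits in front of the app.
    options.ForwardLimit = 1;
});

builder.Services.AddIdentityServer(options =>
    {
        // Manual override from the answer, only if detection cannot be fixed:
        // options.IssuerUri = "https://example.com";
    })
    // Placeholder stores so the discovery endpoint can be served.
    .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() })
    .AddInMemoryApiScopes(Array.Empty<ApiScope>())
    .AddInMemoryClients(Array.Empty<Client>());

var app = builder.Build();

// Must run before IdentityServer so the rewritten scheme and host are in place.
app.UseForwardedHeaders();
app.UseIdentityServer();

app.Run();
```

With this in place, https://example.com/.well-known/openid-configuration should report "issuer":"https://example.com" when the request arrives through Nginx, while forwarded headers from any sender outside the trusted proxy list are ignored.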