
Deploying IdentityServer4 behind reverse proxy

We're trying to deploy IdentityServer4 behind a reverse proxy. The discovery document returns local URLs, e.g.

https://xxx.local/connect/token

Where we need

https://xxx.domain.com/connect/token

The IdentityServer docs point us to this GitHub page. However, when we configure the middleware as described, we see no changes.

var options = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
app.UseForwardedHeaders(options);

A similar setup is found on this GitHub page. The presented solution uses nginx, so perhaps our IIS config is off.

In IIS for the proxy:

<serverVariables>
     <set name="HTTP_X_ORIGINAL_REMOTE_ADDR" value="{REMOTE_ADDR}" />
     <set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>

Any help would be appreciated.

ndoes asked Jan 21 '26 12:01


2 Answers

Inside of the IDS startup, where you initiate IDS, try the following code:

var builder = services.AddIdentityServer(options =>
{
    ...

    options.PublicOrigin = "https://domainName.com"; // <= try adding this!

    ...
})

This will force your discovery endpoint to be your public IP. Let me know if that works. I

Larry answered Jan 24 '26 10:01


Update for 2020 (IdentityServer4 v4.x): PublicOrigin property was removed.

See: https://github.com/IdentityServer/IdentityServer4/issues/4535

riskeez answered Jan 24 '26 10:01
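An added example, not code from the question, the answers or the IdentityServer project: a Startup sketch for IdentityServer4 v4.x that processes X-Forwarded-Host (the flag missing from the question's options), accepts forwarded headers only from the proxy, and shows the SetIdentityServerOrigin middleware as a fallback now that PublicOrigin is gone. The proxy address 10.0.0.5 is a placeholder, the host name is taken from the question, and the proxy is assumed to send X-Forwarded-Host.

```csharp
using System.Net;
using IdentityServer4.Extensions;      // SetIdentityServerOrigin (v4.x)
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholder: the address the IIS proxy connects from.
    private static readonly IPAddress ProxyAddress = IPAddress.Parse("10.0.0.5");
    // Public host and origin, using the question's example name.
    private const string PublicHost = "xxx.domain.com";
    private const string PublicOrigin = "https://" + PublicHost;

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // XForwardedHost is what rewrites Request.Host; with only For and
            // Proto the discovery document keeps the internal host name.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                                     | ForwardedHeaders.XForwardedProto
                                     | ForwardedHeaders.XForwardedHost;

            // Leaving both lists empty makes the middleware accept forwarded
            // headers from any sender. Drop the loopback defaults, then list
            // the proxy explicitly so only it can set scheme, host and IP.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(ProxyAddress);

            // Reject X-Forwarded-Host values other than the public host.
            options.AllowedHosts.Add(PublicHost);
        });

        services.AddIdentityServer();  // clients, resources and keys omitted
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders();     // must run before UseIdentityServer

        // Fallback when the proxy cannot send X-Forwarded-Host: pin the
        // origin per request instead of the removed PublicOrigin option.
        app.Use(async (ctx, next) =>
        {
            ctx.SetIdentityServerOrigin(PublicOrigin);
            await next();
        });

        app.UseIdentityServer();
    }
}
```

Use either the forwarded-host handling or the pinned origin; when both are present, the pinned origin is the value that ends up in the discovery document.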