Identity Gateway / OPENIG-3748

Add Filter to rewrite originalUri value based on environment


    Details

    • Story
    • Status: Closed
    • Major
    • Resolution: Done
    • 6.5.1
    • 7.0.2, 7.1.0
    • None

      Description

      As a user I want IG to rebase its originalUri in order to perform better in cloud environments where IG is behind other proxies.

      Acceptance Criteria

      • New ForwardedRequestFilter (feel free to find a better name)
      • Offer a generic way to update scheme, host and port of the originalUri.
      • Add new UriContext in the chain with refined originalUri value.
      • Replace the Request with the updated OriginalUri.
      • Verify the filter works with GCP and AWS + provide as-of-today values to add in documentation

      Original description

      When SSL is offloaded before IG, the redirect is HTTP and not HTTPS

      There are occasions where load balancers in front of IG offload SSL before reaching IG. In cases where OAuth2 is being used (OAuth2ClientFilter), IG sees the request in HTTP and so it sets the redirect_uri as the HTTP version. This will error as the redirect_uri will be configured for the HTTPS address.

      To work around this, you can write scripts to use X-Forwarded-For headers passed on by the load balancer, but it would be nice if there was a config switch or similar to pick this up.
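
The rebasing of scheme, host and port described in this ticket, as an added Python sketch (not IG's code and not the ForwardedRequestFilter implementation). The `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-Port` header names, the proxy range and the hostnames are assumptions for illustration; forwarded values are honoured only from a trusted proxy, because a client that can set them would otherwise control the resulting redirect_uri.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample policy: proxy ranges and public hostnames are assumptions.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _first(headers, name):
    """First comma-separated value of a header (case-insensitive), or None."""
    for key, value in headers.items():
        if key.lower() == name:
            return value.split(",")[0].strip()
    return None


def rebase_original_uri(original_uri, headers, peer_ip):
    """Rebase scheme, host and port of original_uri from forwarded headers.

    Headers are ignored unless the TCP peer is a trusted proxy. Assumes that
    proxy overwrites any client-supplied X-Forwarded-* values. Bad values
    raise ValueError instead of being copied into the URI.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return original_uri  # direct client: forwarded headers are untrusted

    parts = urlsplit(original_uri)
    fwd_proto = _first(headers, "x-forwarded-proto")
    fwd_host = _first(headers, "x-forwarded-host")
    port = _first(headers, "x-forwarded-port")
    scheme = (fwd_proto or parts.scheme).lower()
    host = (fwd_host or parts.hostname or "").lower()
    if fwd_host and ":" in host:  # header may carry host:port
        host, _, host_port = host.partition(":")
        port = port or host_port
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unexpected scheme: {scheme!r}")
    if fwd_host and host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if port is None:
        # An offloaded scheme implies its default port; otherwise keep ours.
        port = DEFAULT_PORTS[scheme] if fwd_proto else (parts.port or DEFAULT_PORTS[scheme])
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"invalid port: {port}")
    netloc = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path, parts.query, parts.fragment))
```
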


              People

              nils.renaud Nils Renaud
              aaron.haskins Aaron Haskins