When generating one of the three clientEndpoint URIs, IG uses org.forgerock.http.routing.UriRouterContext#getOriginalUri as part of calculating the base URI. That value may not be valid in all use cases, especially if IG is behind a load balancer doing SSL offloading.
Providing something pluggable, like the resourceUriProvider in OPENIG-2568, would give flexibility over how the final clientEndpoint URI is generated, with a default implementation that keeps the same behaviour as the existing clientEndpoint configuration item.
- Find a solution that would work not only for OIDC but for all scenarios where we expect originalUri to be okay
- Investigate whether we should reuse UriRouterContext or have our own (issues when stacked?)
- Should that be a route configuration attribute?
- Implementation of a ForwardedFilter that would create a context taking into account X-Forwarded header values
- Implementation of a static filter (just replace scheme, host and/or port)
- For a script, that would be more of a documentation matter (example)
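
The URI rewrite a ForwardedFilter would have to perform, as an added sketch that is not IG code: the class, method and parameter names are hypothetical, it uses only java.net.URI, and it assumes a single trusted proxy hop identified by peer address. Forwarded values are honoured only from that proxy and are syntax-checked before they reach a redirect or callback URI.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;
// Added illustration, not IG code: class, method and parameter names are hypothetical.
public class ForwardedBaseUri {
    // Rebuilds the client-facing URI from X-Forwarded-* values (names lower-cased by the caller).
    // They are honoured only from a known proxy; from any other peer they are untrusted input.
    static URI rebase(URI original, Map<String, String> headers, String peer,
                      Set<String> trustedProxies) {
        String proto = last(headers.get("x-forwarded-proto"));
        String fwdHost = last(headers.get("x-forwarded-host"));
        if (!trustedProxies.contains(peer) || (proto == null && fwdHost == null)) {
            return original;
        }
        String scheme = (proto != null ? proto : original.getScheme()).toLowerCase();
        String host = fwdHost != null ? fwdHost : original.getHost();
        // The internal listener port means nothing to the client: take the port from
        // X-Forwarded-Host or X-Forwarded-Port, otherwise leave it to the scheme default.
        String port = last(headers.get("x-forwarded-port"));
        int colon = host.lastIndexOf(':');
        if (colon > 0) {
            port = host.substring(colon + 1);
            host = host.substring(0, colon);
        }
        boolean defaultPort = port == null || (scheme.equals("https") && port.equals("443"))
                || (scheme.equals("http") && port.equals("80"));
        // Strict syntax checks (no IPv6 literals): a value that fails is ignored, never echoed.
        if (!scheme.matches("https?") || !host.matches("[A-Za-z0-9.-]+")
                || (port != null && !port.matches("[0-9]{1,5}"))) {
            return original;
        }
        String query = original.getRawQuery() == null ? "" : "?" + original.getRawQuery();
        return URI.create(scheme + "://" + host + (defaultPort ? "" : ":" + port)
                + original.getRawPath() + query);
    }

    // With one trusted proxy that appends to the header, the last value is the one it wrote.
    private static String last(String v) {
        return v == null ? null : v.substring(v.lastIndexOf(',') + 1).trim();
    }

    public static void main(String[] args) {
        // Constructed sample: IG sees plain HTTP on 8080 behind an SSL-offloading proxy.
        URI seen = URI.create("http://ig.internal:8080/home/id_token/callback?state=abc");
        Map<String, String> h = Map.of("x-forwarded-proto", "https",
                "x-forwarded-host", "app.example.com");
        System.out.println(rebase(seen, h, "10.0.0.5", Set.of("10.0.0.5")));    // trusted proxy
        System.out.println(rebase(seen, h, "203.0.113.9", Set.of("10.0.0.5"))); // unknown peer
    }
}
```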