
This is my situation.

Identity: https://mydomain.subdomain.com.br/homol/identity

When I access the endpoint https://mydomain.subdomain.com.br/homol/identity/.well-known/openid-configuration, this is the response I get:

{
   "issuer":"http://mydomain.subdomain.com.br/",
   "jwks_uri":"http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks",
   "authorization_endpoint":"http://mydomain.subdomain.com.br/connect/authorize",
   "token_endpoint":"http://mydomain.subdomain.com.br/connect/token",
   "userinfo_endpoint":"http://mydomain.subdomain.com.br/connect/userinfo",
   "end_session_endpoint":"http://mydomain.subdomain.com.br/connect/endsession",
   "check_session_iframe":"http://mydomain.subdomain.com.br/connect/checksession",
   "revocation_endpoint":"http://mydomain.subdomain.com.br/connect/revocation",
   "introspection_endpoint":"http://mydomain.subdomain.com.br/connect/introspect",
   "device_authorization_endpoint":"http://mydomain.subdomain.com.br/connect/deviceauthorization",
   "frontchannel_logout_supported":true,
   "frontchannel_logout_session_supported":true,
   "backchannel_logout_supported":true,
   "backchannel_logout_session_supported":true,
   "scopes_supported":[
      "openid",
      "email",
      "profile"
   ],
   "claims_supported":[
      "sub",
      "email_verified",
      "email",
      "updated_at",
      "locale",
      "zoneinfo",
      "birthdate",
      "website",
      "picture",
      "profile",
      "preferred_username",
      "nickname",
      "middle_name",
      "given_name",
      "family_name",
      "name",
      "gender"
   ],
   "grant_types_supported":[
      "authorization_code",
      "client_credentials",
      "refresh_token",
      "implicit",
      "password",
      "urn:ietf:params:oauth:grant-type:device_code"
   ],
   "response_types_supported":[
      "code",
      "token",
      "id_token",
      "id_token token",
      "code id_token",
      "code token",
      "code id_token token"
   ],
   "response_modes_supported":[
      "form_post",
      "query",
      "fragment"
   ],
   "token_endpoint_auth_methods_supported":[
      "client_secret_basic",
      "client_secret_post"
   ],
   "subject_types_supported":[
      "public"
   ],
   "id_token_signing_alg_values_supported":[
      "RS256"
   ],
   "code_challenge_methods_supported":[
      "plain",
      "S256"
   ],
   "request_parameter_supported":true
}

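Two questions:

1 - Why is the subdomain removed?

2 - When the user accesses the SPA application and the oidc client then redirects him (using the signinRedirect method) to the login, the endpoint is not found because the subdomain is removed again.

Thanks.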


1 Answer


By default, IdentityServer infers the origin name from the request. You can read more under IdentityServer options - http://docs.identityserver.io/en/3.1.0/reference/options.html
You can configure IdentityServer to use your custom origin:

services.AddIdentityServer(options =>
{
    // Use this fixed origin instead of the one inferred from the incoming request
    options.PublicOrigin = "https://mydomain.subdomain.com.br/homol/identity";
})
answered 2020-03-17T23:43:00.843
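
The mismatch in the question can be caught on the client side before any redirect happens. The following is an added example, not code from the question, the answer or IdentityServer: it compares a discovery document with the authority URL the SPA is configured with. The names `checkDiscovery`, `ENDPOINT_KEYS`, `REPORTED` and `CORRECTED` are hypothetical, and it assumes this deployment serves every endpoint under the authority URL.

```javascript
// Added example: compare a discovery document with the configured authority URL.
const ENDPOINT_KEYS = [
  "jwks_uri", "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
  "end_session_endpoint", "check_session_iframe", "revocation_endpoint",
  "introspection_endpoint", "device_authorization_endpoint",
];
// Trailing slashes are ignored when comparing (a leniency of this example).
const trimSlash = (s) => s.replace(/\/+$/, "");

function checkDiscovery(authority, doc) {
  const expected = new URL(authority);
  const base = trimSlash(expected.href);
  const basePath = trimSlash(expected.pathname);
  const problems = [];
  // OIDC Discovery: the issuer must match the URL the document was fetched from.
  if (typeof doc.issuer !== "string" || trimSlash(doc.issuer) !== base) {
    problems.push(`issuer: expected ${base}, got ${doc.issuer}`);
  }
  for (const key of ENDPOINT_KEYS) {
    if (!(key in doc)) continue; // optional metadata
    let url;
    try {
      url = new URL(doc[key]);
    } catch {
      problems.push(`${key}: not an absolute URL`);
      continue;
    }
    // Assumption: this deployment serves every endpoint under the authority.
    if (url.protocol !== expected.protocol) problems.push(`${key}: scheme is ${url.protocol}`);
    if (url.host !== expected.host) problems.push(`${key}: host is ${url.host}`);
    if (!(url.pathname + "/").startsWith(basePath + "/")) {
      problems.push(`${key}: path ${url.pathname} is outside ${basePath}/`);
    }
  }
  return problems;
}

// Subset of the values from the question, plus a constructed corrected document.
const AUTHORITY = "https://mydomain.subdomain.com.br/homol/identity";
const REPORTED = {
  issuer: "http://mydomain.subdomain.com.br/",
  authorization_endpoint: "http://mydomain.subdomain.com.br/connect/authorize",
  token_endpoint: "http://mydomain.subdomain.com.br/connect/token",
};
const CORRECTED = {
  issuer: AUTHORITY,
  authorization_endpoint: AUTHORITY + "/connect/authorize",
  token_endpoint: AUTHORITY + "/connect/token",
};
console.log(checkDiscovery(AUTHORITY, REPORTED));
```

For the document in the question this reports the issuer mismatch plus a scheme and a path problem for each endpoint, which is the usual signature of a server behind a TLS-terminating proxy that also strips the path prefix.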