Hello Thomas,
Thank you for pointing me in the right direction in order to resolve this issue.
I’ve added your suggested code to a page of my xwiki setup and it returned the following:
HTTP header “forwarded”: null
HTTP header “x-forwarded-host”: null
Application server port: 80
https://wiki.myhost.com:80
So I’ve managed to resolve this issue by reconfiguring the nginx-proxy-manager accordingly in order to set up the HTTP header “x-forwarded-host” and the “Application server port”.
I’ve changed back the ports in its docker-compose.yml configuration to the default values:
…
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
…
I have the following NPM Proxy Host setup for my wiki server:
Details:
Domain Name: wiki.myhost.com
Scheme: http
Forward Hostname/IP:
Forward Port: 80
SSL:
SSL Certificate: wiki.myhost.com
Force SSL (Enabled)
Advanced:
location / {
    proxy_pass $forward_scheme://$server:$port;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Host $host:443;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}
So, now I get the following results, and the OIDC extension works fine without any issue with the AzureAD OpenID service:
HTTP header “forwarded”: null
HTTP header “x-forwarded-host”: wiki.myhost.com
Application server port: 443
https://wiki.myhost.com
Here are the changes I had already made in xwiki.cfg and xwiki.properties, and I can successfully authenticate using OpenID with AzureAD:
xwiki.cfg
xwiki.home=https://wiki.myhost:443/
xwiki.url.protocol=https
xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
xwiki.properties
oidc.xwikiprovider=https://login.microsoftonline.com/<my Azure xwiki app Directory (tenant) ID>/oauth2
oidc.endpoint.authorization=https://login.microsoftonline.com/<my Azure xwiki app Directory (tenant) ID>/oauth2/v2.0/authorize
oidc.endpoint.token=https://login.microsoftonline.com/<my Azure xwiki app Directory (tenant) ID>/oauth2/v2.0/token
oidc.endpoint.userinfo=https://graph.microsoft.com/oidc/userinfo
oidc.endpoint.logout=https://wiki.myhost.com/bin/login/XWiki/XWikiLogout
oidc.endpoint.authorization=https://login.microsoftonline.com/<my Azure xwiki app Directory (tenant) ID>/oauth2/v2.0/authorize
oidc.endpoint.userinfo.headers=Accept:application/json
oidc.scope=openid,profile,email
oidc.endpoint.userinfo.method=GET
oidc.user.nameFormater=${oidc.issuer.host._clean}-${oidc.user.preferredUsername._clean}
oidc.clientid=<my Azure xwiki app Application (client) ID>
oidc.secret=<my Azure xwiki app Application (secret) ID>
The only remaining question is whether we should also configure the “HTTP header “forwarded”: null” to something else or not, and whether this will cause any issues with xwiki's normal operation.
Best regards
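
Added example, not part of the original post and not XWiki's code: a simplified Python model of how an application behind a reverse proxy can rebuild its external base URL from the three values the diagnostic in the post prints. The header precedence, the function names and the two sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def forwarded_params(value):
    """Return the parameters of the first element of an RFC 7239 Forwarded header."""
    params = {}
    for part in (value or "").split(",")[0].split(";"):
        name, sep, val = part.partition("=")
        if sep:
            params[name.strip().lower()] = val.strip().strip('"')
    return params

def external_base_url(headers, backend_scheme="http", configured_protocol=None):
    """Model of external URL reconstruction behind a proxy (assumed logic).

    headers: lower-cased header names as received by the application server.
    backend_scheme: scheme of the proxy -> backend hop (the NPM "Scheme" field).
    configured_protocol: forced protocol, like xwiki.url.protocol in the post.
    Returns (base_url, server_port).
    """
    fwd = forwarded_params(headers.get("forwarded"))
    host_header = urlsplit("//" + headers.get("host", ""))
    # Server port: the port in the Host header, else the backend scheme default.
    server_port = host_header.port or DEFAULT_PORTS[backend_scheme]
    # Host: Forwarded, then X-Forwarded-Host, then Host (assumed precedence).
    source = fwd.get("host") or headers.get("x-forwarded-host")
    host = urlsplit("//" + source).hostname if source else host_header.hostname
    scheme = (configured_protocol or fwd.get("proto")
              or headers.get("x-forwarded-proto") or backend_scheme)
    # The port is written out only when it is not the default for the scheme.
    suffix = "" if server_port == DEFAULT_PORTS.get(scheme) else f":{server_port}"
    return f"{scheme}://{host}{suffix}", server_port

# Constructed requests, as the backend would see them under the two
# proxy configurations described in the post.
BEFORE = {"host": "wiki.myhost.com"}
AFTER = {"host": "wiki.myhost.com:443",
         "x-forwarded-host": "wiki.myhost.com",
         "x-forwarded-proto": "https"}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, external_base_url(hdrs, configured_protocol="https"))
```

The OIDC redirect URI is built from this base URL, so it has to match the one registered with the identity provider. Forwarded headers should only be honoured when the request really comes from the trusted proxy.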