Port 80 in OIDC Callback URL

I set up an XWiki instance on AWS EKS based on this Helm chart: github.com/xwiki-contrib/xwiki-helm.

My Reverse Proxy is ALB based and configured like this:

ingress:
  hosts:
    - "wiki.sharedservices.somedomain.com"
    - "wiki.somedomain.com"
  enabled: true
  ingressClassName: alb
  annotations:
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/group.name: xwiki-alb
    alb.ingress.kubernetes.io/healthcheck-path: /liveness
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: "some arn…"
    alb.ingress.kubernetes.io/tags: "Name=xwiki-alb"
    alb.ingress.kubernetes.io/load-balancer-attributes: "idle_timeout.timeout_seconds=4000,routing.http2.enabled=false"
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    kubernetes.io/tls-acme: "true"

For login I use the OIDC Authenticator with AzureAD.

When authenticating I always get a port 80 in the callback url, like

https://wiki.somedomain.com:80/bin/view/Main/?srid=4Pu8JX0C

In the /authorize call the redirect_uri is set correctly: redirect_uri=somedomain.com

But the callback sets a weird SSL-on-port-80 Location header:

https://wiki.somedomain.com:80/bin/view/Main/?srid=4Pu8JX0C

I tried
xwiki.cfg

xwiki.home=https://wiki.somdomain.com/
xwiki.home=https://wiki.somdomain.com:443/
xwiki.home=https://wiki.somdomain.com:443
xwiki.url.protocol=https

Descriptor of the wiki

secure = yes
port = 443
alias = https://wiki.somedomain.com

Read many posts from people facing similar problems but no workaround did the trick.

Can anyone help me to get rid of this nasty port 80 problem?

THX

Did you manage to resolve this? We are having a very similar issue.

Logging in through xwiki redirects to our IDP, which redirects back to xwiki but it adds a :80 into the url

https://domain.com:80/bin/view/Main/

If we manually remove the :80 it works fine, and we can’t for the life of us work out where this :80 is coming from. We’ve tried the same things as well, config-wise. Except for that descriptor thing, I don’t know where that is.


You can see all wiki descriptors in “Wiki Index” (accessible from the top right corner menu, the same one where you have “Administer Wiki”).

Ah, I see. Well, just tried that as well, setting Secure, Port 443, no change. :(

The only solution we found is to use nginx as a reverse proxy (instead of the ALB) and redirect these strange URLs to proper SSL.

server {
  listen 80;
  server_name wiki.somedomain.com;
  return 301 https://$host$request_uri;
}

But it won’t be an option for a production environment. Still looking to eliminate the root cause.
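
Added example, not part of the original thread and not XWiki or OIDC authenticator code: a small Python check that walks the Location headers of a recorded login redirect chain and flags the hop where an https URL carries port 80 (the symptom described above) or points at a host outside the expected set. The IdP hostname, the hop list and the function names are constructed for illustration; the wiki URL is the one quoted in the first post.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def check_location(location, allowed_hosts):
    """Check one Location header value; return (findings, suggested_url)."""
    parts = urlsplit(location)
    scheme = parts.scheme.lower()
    if not scheme:                      # relative redirect: nothing to compare
        return [], location
    if scheme not in DEFAULT_PORTS:
        return [f"unexpected scheme {scheme!r}"], location
    try:
        port = parts.port
    except ValueError:                  # non-numeric or out-of-range port
        return ["invalid port"], location
    host = parts.hostname               # lower-cased, brackets stripped
    findings = []
    if host not in allowed_hosts:
        findings.append(f"unexpected host {host!r}")
    if port in DEFAULT_PORTS.values() and port != DEFAULT_PORTS[scheme]:
        findings.append(f"{scheme} URL with port {port}")
    if host and port in DEFAULT_PORTS.values():
        # Drop a well-known port so the scheme's default applies.
        netloc = f"[{host}]" if ":" in host else host
        location = urlunsplit((scheme, netloc, parts.path,
                               parts.query, parts.fragment))
    return findings, location

def audit_chain(hops, allowed_hosts):
    """hops: [(status, Location or None)]; return [(index, findings, suggested)]."""
    report = []
    for i, (status, location) in enumerate(hops):
        if 300 <= status < 400 and location:
            findings, suggested = check_location(location, allowed_hosts)
            if findings:
                report.append((i, findings, suggested))
    return report

# Constructed redirect chain; hop 1 is the callback URL quoted in the thread.
SAMPLE_HOPS = [
    (302, "https://idp.example.test/authorize?client_id=placeholder"),
    (302, "https://wiki.somedomain.com:80/bin/view/Main/?srid=4Pu8JX0C"),
    (200, None),
]
ALLOWED = {"wiki.somedomain.com", "idp.example.test"}

if __name__ == "__main__":
    for hop, findings, suggested in audit_chain(SAMPLE_HOPS, ALLOWED):
        print(hop, findings, "->", suggested)
```

Feeding it the hops recorded from a browser's network tab or from `curl -sI` output shows which response first emits the mismatched port, which narrows down the component to look at.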