How could we change HTTP header x-forwarded-host from null to host name in a tomcat server
Maybe you could try using the “HTTP Meta Info” field in the Admin UI, see https://extensions.xwiki.org/xwiki/bin/view/Extension/Administration%20Application#HPresentation
Hello @vmassol ,
Thanks for quick reply, actually I am trying OIDC to login to XWiki,
The same issue from Incorrect Link does happen for me too.
I too get this, but for the resolution they have used nginx proxy setup, but we are using Tomcat in a Windows Server for Xwiki
I would really appreciate if there is a way to setup this using Tomcat Server, instead of adding nginx as proxy
The point of x-forwarded-host and other headers like this is to indicate to an application behind an HTTP proxy what is the URL which was actually used by the HTTP client. You don’t need it if the final URL is already the same as the source one (i.e. when you access Tomcat directly).
Yes @tmortagne
But it is sending a wrong redirect link like this http://xwikihost.com:443/xwiki/oidc/authenticator/callback
and the groovy script check
{{groovy wiki=“false”}}
println 'HTTP header “forwarded”: ’ + xcontext.request.getHeader(‘forwarded’)
println 'HTTP header “x-forwarded-host”: ’ + org.xwiki.container.servlet.HttpServletUtils.getFirstHeaderValue(xcontext.request, ‘x-forwarded-host’)
println 'Application server port: ’ + xcontext.request.getServerPort()println org.xwiki.container.servlet.HttpServletUtils.getSourceBaseURL(xcontext.request)
{{/groovy}}
also returned something like this
HTTP header “forwarded”: null
HTTP header “x-forwarded-host”: null
Application server port: 443
[https://my-host.net:443]
What URL are you using to access the page where you have this script ?
It’s not very clear what exactly is wrong with the result you are getting.
Or do you mean that what you have with the script is good and not what is produced by the authenticator ? I don’t see much reason for them to be different, unless you configured something like xwiki.home in xwiki.cfg (which should never be used IMO, it’s more here as a retro compatibility thing and for very bad setups you cannot fix).
If you want to test in your script, the API used by the authenticator is xcontext.context.getURLFactory().getServerURL(xcontext.context)
I am using this on a page inside my wiki, I am trying to adopt oidc in xwiki, the authorization is returning >
“https://xwikihost.com:443/xwiki/oidc/authenticator/callback”
does not match the redirect uri configured for application
So I have added that groovy script in a Wiki page and checked, it is showing the x-forwarded-host as null, thought that is why it is not redirecting properly. How could it be resolved?
Hello @vmassol and @tmortagne ,
Could you help me with this?
I have setup the tomcat server for https but while logging in with oidc, it is redirecting to a wrong URL
“https://myhost.net:443/xwiki/oidc/authenticator/callback” specified in the request does not match the redirect URIs configured for the application ‘c80858f5-xxxxx-xxxxxxxx’
We did already, but you don’t really answer all the questions or give all the information, so it’s not easy when we have to guess…
For example, you never explicitly indicated what is wrong about the URL and what you expect to get instead. Is it just the explicit 443 port ?
What URL do you use to access the page which contain the groovy test script ? Is it https://my-host.net/... ?
If the answer to those two questions is “yes”, could you try the following groovy script:
{{groovy}}
print '**xcontext.context.getURLFactory().getServerURL(xcontext.context)**: '
println xcontext.context.getURLFactory().getServerURL(xcontext.context)
print '**org.xwiki.container.servlet.HttpServletUtils.getSourceBaseURL(xcontext.context.getRequest())**: '
println org.xwiki.container.servlet.HttpServletUtils.getSourceBaseURL(xcontext.context.getRequest())
print '**xcontext.context.getRequest().getServerName()**: '
println xcontext.context.getRequest().getServerName()
print '**xcontext.context.getRequest().getServerPort()**: '
println xcontext.context.getRequest().getServerPort()
print '**xcontext.context.getRequest().getRemoteHost()**: '
println xcontext.context.getRequest().getRemoteHost()
print '**xcontext.context.getRequest().getRemotePort()**: '
println xcontext.context.getRequest().getRemotePort()
print '**xcontext.context.getRequest().getLocalPort()**: '
println xcontext.context.getRequest().getLocalPort()
print '**xcontext.context.getRequest().getRequestURL()**: '
println xcontext.context.getRequest().getRequestURL()
{{/groovy}}
Hi @tmortagne ,
Actually I hope I have answered to all your questions, which might not be well formed answers, I am sorry for that. But actually I have replied two times and didn’t get any response, I have quoted it below for your information
While I am logging in I am getting the error, this is the url that i was mentioning as wrong url
And I use “https://myhost.net:443/xwiki/bin/view/Sandbox”
2.
xcontext.context.getURLFactory().getServerURL(xcontext.context) : https://myhost.net:443
org.xwiki.container.servlet.HttpServletUtils.getSourceBaseURL(xcontext.context.getRequest()) : https://myhost.net:443
xcontext.context.getRequest().getServerPort() : 443
xcontext.context.getRequest().getRemotePort() : 56425
xcontext.context.getRequest().getLocalPort() : 443
xcontext.context.getRequest().getRequestURL() : https://myhost.net/xwiki/bin/view/Sandbox/
The OIDC error you get just indicates that the URL you indicated on your provider configuration is different from the one it received. It does not indicate in any way what is exactly wrong about the URL and what you expect to get instead.
Are you really sure about that ? What you pasted from the script seems to suggest you are accessing the page with https://myhost.net/xwiki/bin/view/Sandbox.
My bad, it is like what you said, without 443 port
That is the issue ,I have configured https://myhost.net/xwiki as redirect uri in the provider
I created Loading... and found something which might help your use case, it will be included in the next releases. Which version of XWiki are you using ?
Currently we are using 14.10.18 version
While waiting for an upgrade to a version of XWiki in which this issue is fixed, you could replace the xwiki-platform-container-servlet-14.10.18.jar file you have (in <xwiki app>/WEB-INF/lib) with https://nexus-snapshots.xwiki.org/repository/snapshots/org/xwiki/platform/xwiki-platform-container-servlet/14.10.22-SNAPSHOT/xwiki-platform-container-servlet-14.10.22-20240806.093423-38.jar and see if you get better results in the test script (better keep the xwiki-platform-container-servlet-14.10.18.jar for the new file to avoid problems when upgrading if you use the Debian package).
As an alternative, if you have only one wiki, you can set the property xwiki.home in xwiki.cfg configuration file to the URL you want and XWiki won’t take into account what’s coming from the request anymore.
This does not have much to do with the property, it’s a consequence of something else (apparently the XWiki initialization failed). You should get a more accurate error in the log of the application server.