Enhancement: Respect X-Forwarded-Proto header in OpenIdAuthenticationMechanism #6653
Labels
Status: Open
Type: Enhancement
Brief Summary
We have a Java web application using OIDC authentication, running on Payara 6 in a Dockerized environment, deployed to Azure as an AppService. The application runs internally with HTTP while Azure converts incoming traffic to HTTPS. Payara Security compares the incoming request URL directly with the configured URL, leading to a mismatch due to protocol differences. Azure adds the X-Forwarded-Proto header to the request indicating that originally it was HTTPS, but Payara does not respect that.
Expected Outcome
The OpenIdAuthenticationMechanism should accurately compare request URLs with configured OIDC Redirect URLs, respecting the X-Forwarded-Proto header.
Current Outcome
"OpenID Redirect URL https://my-url does not match with the request URL http://my-url" is logged and the user is not authenticated.
Alternatives
Instead of
I propose a more sophisticated solution that respects the X-Forwarded-Proto header:
Context
No response
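Added example (not Payara's code and not the proposal from the issue itself) of the comparison the issue asks for: the request URL is rebuilt from X-Forwarded-Proto, but only when the request arrives from a known proxy address, because any client can send that header. The trusted proxy address, the request model and the assumption that the proxy terminates TLS on the default port are all constructed for the example.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;

// Constructed request model: only the fields this check needs.
record IncomingRequest(String scheme, String host, int port, String path,
                       String remoteAddr, Map<String, String> headers) {}

public final class RedirectUrlCheck {
    // Assumption: addresses of the reverse proxy allowed to assert X-Forwarded-Proto.
    // Honouring the header from any caller would let a plain-HTTP client claim HTTPS.
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    /** URL as the client saw it: scheme from X-Forwarded-Proto, trusted proxies only. */
    static String effectiveRequestUrl(IncomingRequest req) {
        String scheme = req.scheme();
        int port = req.port();
        if (TRUSTED_PROXIES.contains(req.remoteAddr())) {
            String proto = req.headers().get("X-Forwarded-Proto");
            if ("https".equalsIgnoreCase(proto) || "http".equalsIgnoreCase(proto)) {
                scheme = proto.toLowerCase();
                port = -1; // assumption: proxy terminates TLS on the scheme's default port
            }
        }
        String portPart = (port == -1) ? "" : ":" + port;
        return scheme + "://" + req.host() + portPart + req.path();
    }

    /** Compares scheme, host, effective port and path; a default port equals no port. */
    static boolean matchesRedirectUrl(String requestUrl, String configuredUrl) {
        URI a = URI.create(requestUrl), b = URI.create(configuredUrl);
        return a.getScheme().equalsIgnoreCase(b.getScheme())
            && a.getHost().equalsIgnoreCase(b.getHost())
            && effectivePort(a) == effectivePort(b)
            && a.getPath().equals(b.getPath());
    }

    private static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        Map<String, String> fwd = Map.of("X-Forwarded-Proto", "https");
        // Constructed: the app listens on plain HTTP behind the TLS-terminating proxy.
        IncomingRequest viaProxy = new IncomingRequest("http", "my-url", 8080, "/callback", "10.0.0.5", fwd);
        IncomingRequest direct = new IncomingRequest("http", "my-url", 8080, "/callback", "203.0.113.9", fwd);
        String configured = "https://my-url/callback";
        System.out.println("via proxy: " + matchesRedirectUrl(effectiveRequestUrl(viaProxy), configured));
        System.out.println("direct:    " + matchesRedirectUrl(effectiveRequestUrl(direct), configured));
    }
}
```

The second request carries the same header but comes from an untrusted address, so the header is ignored and the configured https redirect URL does not match.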