IdentityServer4 - Subdomain on the discovery document


This is my scenario

Identity

When I access the endpoint, this is my response

{
   "issuer":"http://mydomain.subdomain.com.br/",
   "jwks_uri":"http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks",
   "authorization_endpoint":"http://mydomain.subdomain.com.br/connect/authorize",
   "token_endpoint":"http://mydomain.subdomain.com.br/connect/token",
   "userinfo_endpoint":"http://mydomain.subdomain.com.br/connect/userinfo",
   "end_session_endpoint":"http://mydomain.subdomain.com.br/connect/endsession",
   "check_session_iframe":"http://mydomain.subdomain.com.br/connect/checksession",
   "revocation_endpoint":"http://mydomain.subdomain.com.br/connect/revocation",
   "introspection_endpoint":"http://mydomain.subdomain.com.br/connect/introspect",
   "device_authorization_endpoint":"http://mydomain.subdomain.com.br/connect/deviceauthorization",
   "frontchannel_logout_supported":true,
   "frontchannel_logout_session_supported":true,
   "backchannel_logout_supported":true,
   "backchannel_logout_session_supported":true,
   "scopes_supported":[
      "openid",
      "email",
      "profile"
   ],
   "claims_supported":[
      "sub",
      "email_verified",
      "email",
      "updated_at",
      "locale",
      "zoneinfo",
      "birthdate",
      "website",
      "picture",
      "profile",
      "preferred_username",
      "nickname",
      "middle_name",
      "given_name",
      "family_name",
      "name",
      "gender"
   ],
   "grant_types_supported":[
      "authorization_code",
      "client_credentials",
      "refresh_token",
      "implicit",
      "password",
      "urn:ietf:params:oauth:grant-type:device_code"
   ],
   "response_types_supported":[
      "code",
      "token",
      "id_token",
      "id_token token",
      "code id_token",
      "code token",
      "code id_token token"
   ],
   "response_modes_supported":[
      "form_post",
      "query",
      "fragment"
   ],
   "token_endpoint_auth_methods_supported":[
      "client_secret_basic",
      "client_secret_post"
   ],
   "subject_types_supported":[
      "public"
   ],
   "id_token_signing_alg_values_supported":[
      "RS256"
   ],
   "code_challenge_methods_supported":[
      "plain",
      "S256"
   ],
   "request_parameter_supported":true
}

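Two questions:

1 - Why is the subdomain removed?

2 - When the user accesses the SPA application and the oidc client then redirects them (using the signinRedirect method) to log in, its endpoint cannot be found, because the subdomain is removed again.

Thank you.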

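By default, IdentityServer infers the origin name from the request. You can read more about the IdentityServer options here -
You can configure IdentityServer to use a custom origin

services.AddIdentityServer(options =>
{
    // Overrides the origin that IdentityServer would otherwise infer from the request.
    options.PublicOrigin = "https://mydomain.subdomain.com.br/homol/identity";
});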

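Thank you, firdaus kamaruddin. It partly works: the address is correct, but my whole flow is not working. I try to access the SPA client and I am then redirected to the login page (this page was broken, but it works after setting PublicOrigin). After the user enters their information, they should be redirected back to the SPA, but an error occurs because the authorization endpoint does not have the subdomain homol/identity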
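
One way to catch this mismatch before the SPA starts a sign-in, as an added example that is not part of the original thread: the function compares the issuer and every endpoint in a discovery document with the public authority URL and also reports endpoints served over plain http. `checkDiscovery`, `EXPECTED_AUTHORITY` and `sampleDiscovery` are hypothetical names; the URL values are taken from the posts above, assuming the answer's PublicOrigin value is the intended authority.

```javascript
// Added example: checks an OpenID Connect discovery document against the
// public authority URL the SPA is configured with.
// Assumption: the intended authority is the PublicOrigin value from the answer.
const EXPECTED_AUTHORITY = "https://mydomain.subdomain.com.br/homol/identity";

const ENDPOINT_KEYS = [
  "jwks_uri", "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
  "end_session_endpoint", "check_session_iframe", "revocation_endpoint",
  "introspection_endpoint", "device_authorization_endpoint",
];

// Normalise so ".../identity" and ".../identity/" compare equal.
function normalize(url) {
  const u = new URL(url);
  return u.origin + u.pathname.replace(/\/+$/, "");
}

// Returns a list of human-readable problems; an empty list means the document
// is consistent with the expected authority.
function checkDiscovery(doc, expectedAuthority) {
  const base = normalize(expectedAuthority);
  const problems = [];
  if (typeof doc.issuer !== "string" || normalize(doc.issuer) !== base) {
    problems.push(`issuer is ${doc.issuer}, expected ${base}`);
  }
  for (const key of ENDPOINT_KEYS) {
    const value = doc[key];
    if (value === undefined) continue; // optional endpoint not advertised
    const u = new URL(value);
    if (u.protocol !== "https:") problems.push(`${key} is not https: ${value}`);
    // Compare origin and path prefix, so a lost path base is reported.
    if (!(normalize(value) + "/").startsWith(base + "/")) {
      problems.push(`${key} is outside ${base}: ${value}`);
    }
  }
  return problems;
}

// Constructed sample: three fields copied from the response in the question.
const sampleDiscovery = {
  issuer: "http://mydomain.subdomain.com.br/",
  jwks_uri: "http://mydomain.subdomain.com.br/.well-known/openid-configuration/jwks",
  authorization_endpoint: "http://mydomain.subdomain.com.br/connect/authorize",
};

for (const p of checkDiscovery(sampleDiscovery, EXPECTED_AUTHORITY)) console.log(p);
```
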