[mitreid-connect] MitreID Connect Server behind an API Manager

Luiz Omori luiz.omori at duke.edu
Fri Jun 23 16:15:46 EDT 2017


We are investigating the possibility of putting a MitreID instance behind an API Manager. The latter, for the purpose of this discussion, would be just a reverse proxy.

We had some success by changing the issuer in server-config.xml, and the login-page/authentication-failure configurations in user-context.xml:

<security:form-login
    login-page="https://hmp-catsbuild01.dhe.duke.edu:8643/patient-openid-connect/login"
    authentication-failure-url="https://hmp-catsbuild01.dhe.duke.edu:8643/patient-openid-connect/login?error=failure"
    authentication-success-handler-ref="authenticationTimeStamper" />

Is that OK? Also, we found an issue and are stuck. The login page is loaded correctly from the API Manager; however, the approval page is loaded straight from the server where MitreID is running. Interesting that if the user is already authenticated in the browser, the server will redirect straight to the approval page and correctly use the API Manager address. Does anybody know where the code is that, after a successful authentication, sends the client to the approval page? I’m curious about the logic to figure out the approval page address.

Regards,
Luiz