I'm running WSO2 5.7.0, using OIDC with the Implicit Flow. I have set the context root to wso2-is, so the authorize endpoint is located at http://MY_DOMAIN/wso2-is/oauth2/authorize. When I begin the flow with a GET call to the oauth2/authorize endpoint, I am redirected to http://MY_DOMAIN/authenticationendpoint/login.do?client_id=MY_CLIENT_ID&commonAuthCallerPath=%2Foauth2%2Fauthorize...

The problem is that it drops the context root and so later in the Implicit Flow I am (incorrectly) redirected to http://MY_DOMAIN/oauth2/authorize, which fails because that URL lacks the context root of wso2-is. How/where in the code is the commonAuthCallerPath parameter set?

As per the official documentation, using a reverse proxy is the recommended way to add a custom context path to wso2 products.
If you are not going to use a reverse proxy, I would suggest the following steps to add a custom context path. But, note that I have tested basic authentication with oauth2/oidc only.
- Set WebContextRoot in repository/conf/carbon.xml to /wso2-is to change the context path of the carbon management console
- Set ProxyContextPath in repository/conf/carbon.xml to /wso2-is
- Rename oauth2.war and authenticationendpoint.war in repository/deployment/server/webapps/ by adding a prefix wso2-is#
- In repository/conf/identity/identity.xml, update all the relevant instances of the following pattern by adding the context path /wso2-is after the port:
  ${carbon.protocol}://${carbon.host}:${carbon.management.port}/xxxxx
  to
  ${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/xxxxx
- Update the AuthenticationEndpointURL, AuthenticationEndpointRetryURL and AuthenticationEndpointMissingClaimsURL values in repository/conf/identity/application-authentication.xml by adding the /wso2-is prefix
- Restart the Identity Server
Do not forget that this is not the recommended way in the documentation.
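
A missed step in the list above leaves a redirect without the context path, which is the failure described in the question. The following check is an added example, not part of the answer and not WSO2 code: it takes the text of the three configuration files and the webapps file names and reports which steps are not yet applied. The sample contents, the element names A and B and the paths other than those quoted on this page are constructed, and it assumes the three authentication endpoint values are relative paths.

```python
import re

CTX = "/wso2-is"  # context path used in the steps above

def tag_value(xml, tag):
    """Text of the first <tag>...</tag> that is not inside an XML comment, else None."""
    xml = re.sub(r"<!--.*?-->", "", xml, flags=re.S)
    m = re.search(rf"<{tag}>\s*(.*?)\s*</{tag}>", xml, flags=re.S)
    return m.group(1) if m else None

def check(carbon, identity, app_auth, webapps, ctx=CTX):
    """Return findings for steps not applied; an empty list means none were found."""
    out = []
    for tag in ("WebContextRoot", "ProxyContextPath"):
        if tag_value(carbon, tag) != ctx:
            out.append(f"carbon.xml: {tag} is not {ctx}")
    for war in ("oauth2.war", "authenticationendpoint.war"):
        name = f"{ctx.strip('/')}#{war}"
        if name not in webapps:
            out.append(f"webapps: {name} not found")
    # Every URL built on ${carbon.management.port} is listed for review; the
    # answer only says "relevant instances", so judge each hit yourself.
    for n, line in enumerate(identity.splitlines(), 1):
        for m in re.finditer(r'\$\{carbon\.management\.port\}(/[^<\s"]*)', line):
            if not m.group(1).startswith(ctx + "/"):
                out.append(f"identity.xml:{n}: {m.group(1)} lacks {ctx}")
    for tag in ("AuthenticationEndpointURL", "AuthenticationEndpointRetryURL",
                "AuthenticationEndpointMissingClaimsURL"):
        val = tag_value(app_auth, tag)
        if val is None or not val.startswith(ctx + "/"):
            out.append(f"application-authentication.xml: {tag} = {val}")
    return out

# Constructed sample (not real WSO2 file contents): everything applied except that
# ProxyContextPath is still commented out and one identity.xml URL was missed.
CARBON = ("<Server><WebContextRoot>/wso2-is</WebContextRoot>\n"
          "<!--<ProxyContextPath>/wso2-is</ProxyContextPath>--></Server>")
IDENTITY = (
    "<A>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/oauth2/authorize</A>\n"
    "<B>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</B>\n")
APP_AUTH = ("<AuthenticationEndpointURL>/wso2-is/authenticationendpoint/login.do</AuthenticationEndpointURL>"
            "<AuthenticationEndpointRetryURL>/wso2-is/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>"
            "<AuthenticationEndpointMissingClaimsURL>/wso2-is/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>")
WEBAPPS = ["wso2-is#oauth2.war", "wso2-is#authenticationendpoint.war"]

if __name__ == "__main__":
    for finding in check(CARBON, IDENTITY, APP_AUTH, WEBAPPS):
        print(finding)
```

To run it against a real installation, read the three files with `open(...).read()` and pass `os.listdir()` of the webapps directory as the fourth argument.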