
WSO2 IS: How to Set Commonauth Caller Path

Posted 2019-08-26 23:06

Question:

I'm running WSO2 5.7.0, using OIDC with the Implicit Flow. I have set the context root to wso2-is, so the authorize endpoint is located at http://MY_DOMAIN/wso2-is/oauth2/authorize. When I begin the flow with a GET call to the oauth2/authorize endpoint, I am redirected to http://MY_DOMAIN/authenticationendpoint/login.do?client_id=MY_CLIENT_ID&commonAuthCallerPath=%2Foauth2%2Fauthorize....

The problem is that it drops the context root and so later in the Implicit Flow I am (incorrectly) redirected to http://MY_DOMAIN/oauth2/authorize, which fails because that URL lacks the context root of wso2-is. How/where in the code is the commonAuthCallerPath parameter set?

Answer 1:

As per the official documentation, using a reverse proxy is the recommended way to add a custom context path to WSO2 products.

If you are not going to use a reverse proxy, I would suggest the following steps to add a custom context path. But, note that I have tested basic authentication with oauth2/oidc only.

  1. Set WebContextRoot in repository/conf/carbon.xml to /wso2-is to change the context path of the carbon management console
  2. Set ProxyContextPath in repository/conf/carbon.xml to /wso2-is
  3. Rename oauth2.war and authenticationendpoint.war in repository/deployment/server/webapps/ by adding a prefix wso2-is#
  4. Update all the relevant instances of the following pattern in repository/conf/identity/identity.xml by adding the context path /wso2-is after the port: ${carbon.protocol}://${carbon.host}:${carbon.management.port}/xxxxx to ${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/xxxxx

  5. Update AuthenticationEndpointURL, AuthenticationEndpointRetryURL and AuthenticationEndpointMissingClaimsURL values in repository/conf/identity/application-authentication.xml by adding /wso2-is prefix

  6. Restart the Identity Server

Do not forget that this is not the recommended way in the documentation.
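
Step 4 is the easiest one to get partly wrong, since a single endpoint URL left without the prefix reproduces the broken redirect from the question. The following check is an added example, not part of the answer or of WSO2's own tooling: it lists every URL of the quoted pattern that still lacks the context path and can rewrite them. The sample input is constructed, and the script assumes every matching URL should carry the prefix, so review the reported list against the webapps you actually renamed.

```python
import re

# URL prefix used in identity.xml, as quoted in step 4 of the answer.
BASE = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
# Captures the path that follows the port, up to whitespace, '<' or a quote.
URL_RE = re.compile(re.escape(BASE) + r"(/[^\s<\"']*)")


def has_context(path, context):
    """True if path is the context root itself or lies beneath it."""
    return path == context or path.startswith(context + "/")


def find_unprefixed(text, context="/wso2-is"):
    """Return (line_number, path) for every URL still missing the context."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in URL_RE.finditer(line):
            if not has_context(m.group(1), context):
                hits.append((lineno, m.group(1)))
    return hits


def add_context(text, context="/wso2-is"):
    """Insert the context after the port; already-prefixed URLs are kept."""
    def fix(m):
        path = m.group(1)
        return m.group(0) if has_context(path, context) else BASE + context + path
    return URL_RE.sub(fix, text)


# Constructed sample in the style of identity.xml (not copied from a real file).
SAMPLE = """\
<OAuth2AuthzEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/authorize</OAuth2AuthzEPUrl>
<OAuth2TokenEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/oauth2/token</OAuth2TokenEPUrl>
<OAuth2UserInfoEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/userinfo</OAuth2UserInfoEPUrl>
"""

if __name__ == "__main__":
    for lineno, path in find_unprefixed(SAMPLE):
        print(f"line {lineno}: {path} lacks the context path")
    print(add_context(SAMPLE))
```

Run `find_unprefixed` on the edited file before the restart in step 6; an empty list means every URL of that pattern carries the context path.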