I am trying to get IdentityServer 4 running in a two-node ARR setup. I have other two-node Web applications configured but IdentityServer doesn't want to play nice. The servers are set up for HTTPS only. When I had it in a single site everything was fine, and all requests were https://... But in the ARR setup the requests start like:
https://identityserver.local/.well-known/openid-configuration
http://identityserver.local/connect/authorize?client_id=....
The second request results in a 404. When I have it as a regular single site, that second request is:
https://identityserver.local/connect/authorize?client_id=....
Why is it http instead of https when running with ARR?
The solution for this one is two-step. First, I fixed the forwarded headers:
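// In Startup.ConfigureServices; requires: using Microsoft.AspNetCore.HttpOverrides;
services.Configure<ForwardedHeadersOptions>(options =>
{
    // Take the request scheme from the X-Forwarded-Proto header.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
});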
Next, configure data protection so that the encryption keys are shared by different instances of the app.
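// Requires: using System.IO; using Microsoft.AspNetCore.DataProtection;
// Same application name and key folder on every node.
services.AddDataProtection()
    .SetApplicationName("MyAspNetCoreSample")
    .PersistKeysToFileSystem(new DirectoryInfo(@"path\to\shared\folder"));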
Hope this helps someone.
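
The two steps above wired into one Startup class, as an added example that is not part of the original post or of IdentityServer's own code. It adds the middleware registration, an explicit trusted-proxy entry and a temporary check endpoint. Assumptions: the ARR tier sends X-Forwarded-Proto, 10.0.0.10 is a constructed placeholder for the ARR node's address, and /diag/scheme is a hypothetical path.

```csharp
using System.IO;
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
            // Only loopback proxies are trusted by default; headers arriving from
            // any other address are ignored. Trust the ARR node explicitly.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10")); // assumed address
        });

        // Keys written to a custom folder are not encrypted at rest by default,
        // so limit the share's ACL to the app pool identities of the nodes.
        services.AddDataProtection()
            .SetApplicationName("MyAspNetCoreSample")
            .PersistKeysToFileSystem(new DirectoryInfo(@"path\to\shared\folder"));
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before any middleware that builds URLs from the request scheme.
        app.UseForwardedHeaders();

        // Temporary check (hypothetical path): shows the scheme the app sees and
        // the address the request arrived from. Remove after verifying.
        app.Map("/diag/scheme", diag => diag.Run(ctx =>
            ctx.Response.WriteAsync($"{ctx.Request.Scheme} via {ctx.Connection.RemoteIpAddress}")));
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web => web.UseStartup<Startup>())
            .Build().Run();
}
```

Requested through the ARR front end, /diag/scheme should report https; if it reports http, the address it prints is the one missing from KnownProxies.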