How do I implement a reverse proxy for the Okta sign in widget?

Hello,

I’m trying to implement a reverse proxy for the Okta sign in widget in a Blazor app.
I have created a Blazor app based on https ://github.com/okta/samples-blazor/tree/master/server-side/okta-hosted-login.

For the reverse proxy I have implemented the following URL Rewrite rule in IIS Manager:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <urlCompression doStaticCompression="false" doDynamicCompression="false" />
        <rewrite>
            <rules>
                <rule name="ABC" enabled="true" stopProcessing="true">
                    <match url="^wsa/(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{CACHE_URL}" pattern="^(.+)://" />
                    </conditions>
                    <action type="Rewrite" url="{C:1}://localhost:5000/abc/{R:1}" logRewrittenUrl="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

This would send requests from http ://localhost/abc to http ://localhost:5000.
The app is running on http ://localhost:5000. Going to http ://localhost/abc forwards me to the app. So the URL rewrite seems to be working.
When forwarding to the Okta widget something seems to go amiss however.

When I click on login on the app running on http ://localhost:5000 I get redirected to the Okta widget through this URL:

https://{my_org}.okta.com/oauth2/default/v1/authorize?client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fauthorization-code…

And I can log in and get redirected back to my app with an authenticated user.

When I click on login on the app running on http ://localhost/abc I get redirected to the Okta widget through this URL:

http ://localhost/oauth2/default/v1/authorize?client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fabc%2Fauthorization-code…

And I see a “HTTP Error 404.0 - Not Found” screen with the following detailed error information:

Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL http ://localhost:80/oauth2/default/v1/authorize?client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fabc%2Fauthorization-code…
Physical Path C:\inetpub\wwwroot\oauth2\default\v1\authorize
Logon Method Anonymous
Logon User Anonymous

I don’t understand what is going wrong with the redirect to the Okta widget and how to fix this.

NOTE: The spaces are added in the URLs because I can’t post links as a new user.

So I found an answer here https ://stackoverflow.com/questions/61623799/blazor-server-reverse-proxy-with-authentication

Just in case that answer gets deleted, here is a copy of the answer for anyone experiencing the same.

In IIS Manager, select the current server (not the website), open Application Request Routing, and in the right-hand column there will be an option Server Proxy Settings. There you will see the “Reverse rewrite host in response headers” option. If that is checked, uncheck it and your problem should be solved.
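
A small check for the symptom in this thread, added here as an example and not part of the original posts: it inspects the Location header of the login redirect as received through the proxy and reports whether its host was rewritten from the Okta issuer to the proxy. The issuer, proxy origin, tenant name `my-org` and sample URLs are constructed placeholders modelled on the URLs above.

```python
from urllib.parse import urlsplit

# Constructed sample values modelled on the URLs in the thread; "my-org" is a
# placeholder tenant name and the query strings are shortened.
ISSUER = "https://my-org.okta.com/oauth2/default"
PROXY_ORIGIN = "http://localhost"
DIRECT = "https://my-org.okta.com/oauth2/default/v1/authorize?client_id=abc123"
VIA_PROXY = "http://localhost/oauth2/default/v1/authorize?client_id=abc123"


def check_authorize_redirect(location, issuer=ISSUER, proxy_origin=PROXY_ORIGIN):
    """Return a list of findings for a login redirect's Location header.

    An empty list means the redirect still targets the issuer's authorize
    endpoint, so the proxy left it alone.
    """
    loc, iss, proxy = urlsplit(location), urlsplit(issuer), urlsplit(proxy_origin)
    if not loc.netloc:
        # A relative Location is resolved by the browser against the proxy.
        return ["relative-location"]
    findings = []
    if loc.netloc.lower() != iss.netloc.lower():
        rewritten = loc.netloc.lower() == proxy.netloc.lower()
        findings.append("host-rewritten-to-proxy" if rewritten else "unexpected-host")
    if loc.scheme.lower() != iss.scheme.lower():
        findings.append("scheme-changed")
    # The authorize endpoint lives under the issuer path, as in the URLs above.
    if loc.path != iss.path.rstrip("/") + "/v1/authorize":
        findings.append("path-changed")
    return findings


if __name__ == "__main__":
    for label, url in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(label, check_authorize_redirect(url) or "ok")
```

Feed it the Location value shown for the login request in the browser's network tab, once against the app directly and once through the proxy.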
