[BUG] HTTPSERVER_HOSTNAME env variable not used in redirect_uri for OAuth

[sebekmartin]

Describe the Bug

We are experiencing issue, when we setup OAuth using Okta as provider. We went step by step with the documentation. The authentication is working, but the redirect_uri send by EJBCA is localhost. Because of that, the login does not work correctly.

Our setup is Traefik as reverse proxy in front of EJBCA container. I tried to find something, how to change the redirect_uri but did not find anything.

My only problem is that redirect uri. I had to add localhost to Okta to test it, but after each login I am redirected to localhost and I have to rewrite the URL to access EJBCA.

To Reproduce

Steps to reproduce the behavior:

1. Go to URL of EJBCA instance (public FQDN)
2. Click on sign in with Okta
3. I am redirected to Okta login, which is sucessfull
4. I get redirected to https://localhost/ejbca/adminweb....
5. If i rewrite the localhost to my FQDN and keep the rest of URL, then I am sucesfully sign-in into EJBCA

Expected Behavior

I expect, that after sucesfull signin, I will be redirected to my FQDN of EJBCA instance.

Screenshots and Logs

Product Deployment

Please complete the following information:

• Deployment format: container
• Version 9.3.7
• we have HTTPSERVER_HOSTNAME set to our FQDN (without https://)

Desktop

Please complete the following information:

• OS: windows, macOS
• Browser edge, safari
• Version edge 145

[sebekmartin]

I was able to solve that by filling httpserver.hostname=<> into web.properties file, but I believe, that should happen automatically using HTTPSERVER_HOSTNAME env variable.

[sebekmartin]

Hello Tomas, even if I solved the consequences, I still think that this should not be an issue when the HTTPSERVER_HOSTNAME variable is set up in env variables of the container. So I would not call this issue closed. More like we have a workaround.

[vomikeska]

Can we open the issue? @primetomas

[primetomas]

If you can change the title to description of the issue.

[sebekmartin]

Hello @primetomas,
thank you. I have updated the title of issue. Can you check if this title is OK?

[primetomas]

Sounds good.

[primetomas]

Can you provide a screenshot of OAuth configuration in EJBCA? Since you mention redirect_uri, did you configure step 12 on https://docs.keyfactor.com/ejbca/9.4.2/setting-up-oauth-using-okta?

[vomikeska]

Hi @primetomas
The localhost redirect URI "localhost" we added here because we need to test it. Of course, we configured it as shown in step 12.