Skip to content

IdentityServer support for disabling SSL for proxy server and load balancing scenarios

October 23, 2013

By default, IdentityServer requires SSL (for obvious reasons). But there are scenarios where IdentityServer might be deployed behind a load balancer or proxy server. In those situations it might be desirable to relax the SSL requirement in IdentityServer. I’m pleased to announce that this is now supported (with some configuration). You can read the details of the configuration from the docs.

Enjoy.

8 Comments leave one →
  1. Sam permalink
    October 23, 2013 1:14 pm

    when will the next release of the IdentityServer be available that will incorporate this functionality?

  2. October 14, 2014 1:02 pm

    The DisableSSL flag removes the redirect filter, but what about the cookies? My goal is to set up a dev env wihtout SSL, and I found that to get this working I had to set requireSsl=”false” on the federationConfiguration cookieHandler in identityServices.config. This works great for signing in and SSO, but then there is the cookie holding global sign out endpoints. This is not configurable. Could it not be set to the same configuration value? I think these cookies should follow the same security settings.

    See my related issue: https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues/812

    I guess this works behind a load balancer terminating SSL, but it would be nice if we could configure it for dev, with no SSL at all.

    • October 17, 2014 9:22 am

      Yes, good points and thanks for submitting an issue on github — we’ll track it there.

      • Hans Arne permalink
        October 17, 2014 9:30 am

        I added a pull request with a simple suggested solution. :-)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: