I'm deploying an ASP.NET Core 9 Web API using IdentityServer 4 on AWS Elastic Beanstalk with an Application Load Balancer (ALB) and a valid ACM certificate.

What works:

  • SSL certificate is correctly assigned and DNS-validated (ACM)
  • Hitting https://my-domain.com/connect/token returns a valid access token using curl
  • My ASP.NET Core app is using AddJwtBearer() to validate tokens

What's not working: https://my-domain.com/.well-known/openid-configuration

It returns all IdentityServer endpoints with HTTP instead of HTTPS, like:

 "issuer": "https://my-domain.com",
 "token_endpoint": "http://my-domain.com/connect/token",
 "jwks_uri": "http://my-domain.com/.well-known/openid-configuration/jwks",
 ...

Because of the protocol mismatch, my API (and any other client) fails to validate JWT tokens due to OpenID Connect metadata being served with the wrong scheme.

  • Hosting: AWS Elastic Beanstalk with ALB (HTTPS via ACM)
  • App: ASP.NET Core Web API with IdentityServer4
  • Environment: ASPNETCORE_ENVIRONMENT=Development

How can I make IdentityServer return correct HTTPS endpoints in the discovery document (/.well-known/openid-configuration)?

Is there anything else I should configure in IdentityServer options or in the ALB setup to ensure the right scheme is detected?

jonrsharpe
asked May 19 at 4:34
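
Added example, not part of the original question and not IdentityServer code: a deployment smoke test that flags discovery-document fields whose scheme or host differs from the issuer, which is the symptom shown in the excerpt above. The sample document is constructed from that excerpt, the function names are hypothetical, and the host comparison assumes every endpoint is served from the issuer's origin, as in the deployment described.

```python
import json
from urllib.parse import urlsplit

# Constructed sample modelled on the discovery excerpt in the question.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://my-domain.com",
  "token_endpoint": "http://my-domain.com/connect/token",
  "jwks_uri": "http://my-domain.com/.well-known/openid-configuration/jwks",
  "grant_types_supported": ["client_credentials"]
}
""")


def _origin(url):
    """Return (scheme, host[:port]) in lower case, or None if not an absolute http(s) URL."""
    if not isinstance(url, str):
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return parts.scheme, parts.netloc.lower()


def find_origin_mismatches(doc):
    """List (field, value, reason) for every URL field that disagrees with the issuer."""
    issuer = _origin(doc.get("issuer"))
    if issuer is None:
        return [("issuer", doc.get("issuer"), "issuer is missing or not an absolute URL")]
    findings = []
    if issuer[0] != "https":
        findings.append(("issuer", doc["issuer"], "issuer is not https"))
    for field, value in sorted(doc.items()):
        origin = _origin(value)
        if field == "issuer" or origin is None:
            continue  # skip non-URL metadata such as grant_types_supported
        if origin[0] != issuer[0]:
            findings.append((field, value, f"scheme {origin[0]} != issuer scheme {issuer[0]}"))
        elif origin[1] != issuer[1]:
            # Assumption: single-origin deployment, so a different host is reported too.
            findings.append((field, value, f"host {origin[1]} != issuer host {issuer[1]}"))
    return findings


if __name__ == "__main__":
    for field, value, reason in find_origin_mismatches(SAMPLE_DISCOVERY):
        print(f"{field}: {value} ({reason})")
```

An empty result means every URL-valued field in the document shares the issuer's scheme and host.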