In /etc/rstudio/rserver.conf I think following the fixed setting.
auth-openid-issuer=https://op.example.com
Which will run the json file from https://op.example.com/.well-known/openid-configuration.json. Is it possible to change to a different URL (domain) of "issuer" in openid-configuration.json? I want to display the login screen created by me.
Here authorization_endpoint is running a different API Gateway domain than Idp. Therefore, opennid-configuration.json refers to a domain different from Idp. I would like to separate it from issuer on the Idp side.
When I tried to separate It than i got a log like follows :-
18 Jan 2021 07:07:23 [rserver-monitor] ERROR 18 Jan 2021 07:07:23 [rserver] ERROR OpenID failed with error: oidc: id token issued by a different provider, expected "https://op.example.com" got "https://cognito-idp.ap-northeast-1.amazonaws.com/ap-northeast-1_XXXXXXXX"; LOGGED FROM: void rstudio::server::openid_auth::{anonymous}::writeResponse(rstudio_boost::shared_ptr<rstudio::core::http::AsyncConnection>, const rstudio::core::http::Response&) src/cpp/server/openid_auth/ServerOpenIDAuth.cpp:147|||
18 Jan 2021 07:07:23 [rserver-monitor] ERROR 18 Jan 2021 07:07:23 [rserver] ERROR rserver-openid: OpenID handling error trying to obtaining id token: oidc: id token issued by a different provider, expected "https://op.example.com" got "https://cognito-idp.ap-northeast-1.amazonaws.com/ap-northeast-1_XXXXXXXX"; LOGGED FROM: void rstudio::server::ProcessMonitor::onProcessStderr(rstudio::server::ProcessMonitor::Process, const string&) src/cpp/server/ServerProcessMonitor.cpp:247|||
I had tried to do it in diferent way but failed . I also asked cognito if I could change ID token Url but Cognito doesn`t allows that.
I hope I get helped here .
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
