[midPoint] midPoint cluster login on node-specific hostnames
BECOT Jerome - externe
jerome-externe.becot at enedis.fr
Fri Mar 13 09:14:02 CET 2026
Hello,
This is the expected behaviour. You need to find an external mechanism to associate the node IP with the service URL outside midPoint, with a load balancer or another DNS mechanism. For example, you can use a local cookie with the desired node name and an HAProxy rule that routes you to it with the cookie's value.
We didn't implement this as we use a 2-node cluster (kind of active/backup for the access; both nodes run tasks). But it may be easier with other load balancers.
I'll let the community answer, but I think there is no other option in midPoint.
Regards
From: midPoint <midpoint-bounces at lists.evolveum.com> On behalf of midpoint at lists.evolveum.com
Sent: Thursday, 12 March 2026 16:08
To: MidPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Marie Ioannou <marie.ioannou at itconcepts.ch>
Subject: [midPoint] midPoint cluster login on node-specific hostnames
Hello,
I am running a midPoint 4.8.10 cluster with three nodes sharing the same repository.
Public URLs:
* https://midpoint.example.com/midpoint (main / load-balanced)
* https://midpoint-node2.example.com/midpoint
* https://midpoint-node3.example.com/midpoint
I need the publicHttpUrlPattern in the infrastructure config for the OIDC redirect URI to work with the IdP, but this seems to prevent accessing individual nodes directly.
Indeed, when accessing a node directly, for example:
https://midpoint-node2.example.com/midpoint/login?0
or
https://midpoint-node2.example.com/midpoint/auth/emergency
the request reaches the node but midPoint immediately redirects to the canonical URL:
https://midpoint.example.com/midpoint/...
Is it possible in a clustered setup to access a specific node directly (either via OIDC or via the emergency/auth path) while keeping OIDC active, without being redirected to the canonical hostname?
Thanks.
Dr. Marie Ioannou
IAM Consultant
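The cookie-plus-HAProxy routing suggested in the reply could look like the sketch below. This is an added example, not configuration from either poster or from the midPoint project. The cookie name MP_NODE, the server names and addresses, the admin subnet and the certificate path are all assumptions; only the canonical hostname comes from the thread.

```haproxy
# Added example: every name, address and path here is an assumption.
# Clients always use the canonical hostname (midpoint.example.com), so the
# Host header that reaches each midPoint node never changes.
frontend fe_midpoint
    mode http
    bind :443 ssl crt /etc/haproxy/certs/midpoint.example.com.pem
    default_backend be_midpoint

backend be_midpoint
    mode http
    # Normal balancing for requests that carry no pin (assumed policy).
    balance source

    # Honour the pin only from the admin network, so ordinary clients
    # cannot steer themselves to a node by setting the cookie.
    acl from_admin_net src 10.20.0.0/24
    acl pin_node1 req.cook(MP_NODE) -m str node1
    acl pin_node2 req.cook(MP_NODE) -m str node2
    acl pin_node3 req.cook(MP_NODE) -m str node3

    use-server node1 if from_admin_net pin_node1
    use-server node2 if from_admin_net pin_node2
    use-server node3 if from_admin_net pin_node3

    # Tell admins which node answered, to confirm the pin took effect.
    http-response set-header X-Served-By %s if from_admin_net

    server node1 10.0.0.11:8080 check
    server node2 10.0.0.12:8080 check
    server node3 10.0.0.13:8080 check
```

If the pinned server is down, HAProxy ignores the matching `use-server` rule and falls back to normal balancing unless `option persist` is set, so check the `X-Served-By` header before assuming you are on the intended node.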