<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Segoe UI Semibold";
panose-1:2 11 7 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
p.elementtoproof, li.elementtoproof, div.elementtoproof
{mso-style-name:elementtoproof;
margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1994480943;
mso-list-template-ids:1334735872;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style>
</head>
<body lang="FR" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">This is the expected behaviour. You need to find an external mechanism to associate the node IP with the service URL outside midPoint, with a load balancer or another DNS mechanism. You can, for
example, use a local cookie with the desired node name and an HAProxy rule that routes you to it with the cookie’s value.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">We didn’t implement this as we use a 2-node cluster (kind of active/backup for the access, both nodes run tasks). But it may be easier with other load balancers.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I’ll let the community answer, but I think there is no other option in midPoint.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
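<p class="MsoNormal"><span style="mso-fareast-language:EN-US">A sketch of the cookie-based routing suggested above, added here as an example and not part of the reply or of midPoint's documentation. All traffic stays on the canonical hostname, so publicHttpUrlPattern and the OIDC redirect URI are unchanged. The cookie names, backend addresses and port, certificate path and admin network are assumptions.<o:p></o:p></span></p>

```haproxy
# Added example. Cookie names, addresses, port, certificate path and the
# admin network are placeholders, not values from the thread.
frontend midpoint_https
    mode http
    bind :443 ssl crt /etc/haproxy/certs/midpoint.example.com.pem

    # The pinning cookie is client-controlled, so honour it only for
    # requests coming from the operators' network.
    acl from_admin src 192.0.2.0/24
    acl pin_node1 req.cook(MP_PIN_NODE) -m str node1
    acl pin_node2 req.cook(MP_PIN_NODE) -m str node2
    acl pin_node3 req.cook(MP_PIN_NODE) -m str node3

    use_backend mp_node1 if from_admin pin_node1
    use_backend mp_node2 if from_admin pin_node2
    use_backend mp_node3 if from_admin pin_node3
    default_backend mp_cluster

# Normal users: load-balanced, with HAProxy's own persistence cookie so a
# session keeps hitting the same node.
backend mp_cluster
    mode http
    balance roundrobin
    cookie MP_LB insert indirect nocache httponly secure
    server node1 198.51.100.11:8080 check cookie node1
    server node2 198.51.100.12:8080 check cookie node2
    server node3 198.51.100.13:8080 check cookie node3

# One single-server backend per node for pinned operator sessions.
backend mp_node1
    mode http
    server node1 198.51.100.11:8080 check

backend mp_node2
    mode http
    server node2 198.51.100.12:8080 check

backend mp_node3
    mode http
    server node3 198.51.100.13:8080 check
```

<p class="MsoNormal"><span style="mso-fareast-language:EN-US">An operator sets MP_PIN_NODE=node2 for midpoint.example.com in the browser and then opens the usual login or emergency URL; removing the cookie returns the session to normal load balancing.<o:p></o:p></span></p>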
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> midPoint <midpoint-bounces@lists.evolveum.com>
<b>On behalf of</b> midpoint@lists.evolveum.com<br>
<b>Sent:</b> Thursday, 12 March 2026 16:08<br>
<b>To:</b> MidPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Cc:</b> Marie Ioannou <marie.ioannou@itconcepts.ch><br>
<b>Subject:</b> [midPoint] midPoint cluster login on node-specific hostnames<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
<o:p></o:p></p>
<div style="margin-top:12.0pt;margin-bottom:12.0pt">
<p class="MsoNormal"><span style="color:black">Hello,<o:p></o:p></span></p>
</div>
<p class="elementtoproof"><span style="color:black">I am running a midPoint 4.8.10 cluster with three nodes sharing the same repository.<o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black">Public URLs:<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="elementtoproof" style="color:black;mso-list:l0 level1 lfo1"><a href="https://midpoint.example.com/midpoint">https://midpoint.example.com/midpoint</a> (main / load-balanced)<o:p></o:p></li><li class="elementtoproof" style="color:black;mso-list:l0 level1 lfo1"><a href="https://midpoint-node2.example.com/midpoint">https://midpoint-node2.example.com/midpoint</a><o:p></o:p></li><li class="elementtoproof" style="color:black;mso-list:l0 level1 lfo1"><a href="https://midpoint-node3.example.com/midpoint">https://midpoint-node3.example.com/midpoint</a><o:p></o:p></li></ul>
<p class="elementtoproof"><span style="color:black">I need the </span><code><span style="font-size:10.0pt;color:black">publicHttpUrlPattern</span></code><span style="color:black"> in the infrastructure config for the OIDC redirect URI to work with the IdP,
but this seems to prevent accessing individual nodes directly.<o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black">Indeed, when accessing a node directly, for example:<o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black"><a href="https://midpoint-node2.example.com/midpoint/login?0">https://midpoint-node2.example.com/midpoint/login?0</a><o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black">or<o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black"><a href="https://midpoint-node2.example.com/midpoint/auth/emergency">https://midpoint-node2.example.com/midpoint/auth/emergency</a><o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black">the request reaches the node but midPoint immediately redirects to the canonical URL:<o:p></o:p></span></p>
<p class="elementtoproof"><span style="color:black"><a href="https://midpoint.example.com/midpoint/">https://midpoint.example.com/midpoint/</a>...<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<p class="elementtoproof"><span style="color:black">Is it possible in a clustered setup to access a specific node directly (either via OIDC or via the emergency/auth path) while keeping OIDC active, without being redirected to the canonical hostname?<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<p class="elementtoproof"><span style="color:black">Thanks.<o:p></o:p></span></p>
<div id="Signature">
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="background:white;border-collapse:collapse;box-sizing: border-box;border-spacing: 0px" id="table_0">
<tbody>
<tr style="height:49.0pt">
<td width="229" style="width:171.9pt;padding:0cm 0cm 4.5pt 0cm;height:49.0pt;box-sizing: border-box">
<p class="elementtoproof" style="margin-bottom:8.0pt"><b><span style="font-family:"Calibri",sans-serif;color:black">Dr. Marie Ioannou</span></b><span style="font-family:"Calibri",sans-serif;color:black"> </span><span style="font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="elementtoproof" style="margin-bottom:8.0pt"><span style="font-family:"Calibri",sans-serif;color:black">IAM Consultant </span><o:p></o:p></p>
</td>
</tr>
<tr style="height:16.2pt">
<td width="229" colspan="2" style="width:171.9pt;padding:0cm 0cm 0cm 0cm;height:16.2pt;box-sizing: border-box">
</td>
</tr>
</tbody>
</table>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
</body>
</html>