Configure IssuerUri for IdentityServer on webfarms
Describes the purpose of IssuerUri and presents implementation considerations.
The purpose of the IssuerUri option on the IdentityServer is to create tokens and generate the TokenValidationParameters. On token generation, the values for token audience and the issuer is set from the IssuerUri option. On token validation audienceUri is created from the IssuerUri. It doesn't have to be a valid URI, it can be something unique to your company.
A common implementation mistake is made when setting the IdentityServerUrl. If it is set in the app.config to the IP address of the server, then each server would have a unique issuer uri on the access token. If the request is then redirected to a server where the access token doesn't exist, a token error is generated. To correct this, configure the issuerUri with the same values on each server across the webfarm.
Updated 11 months ago