Redirecting to internal url after login instead of public origin

[n-junge]

I'm using the AspNetCore2 package for a service behind a reverse proxy.

My service authenticates successfully, but then it redirects from the /saml/acs to the internal URL instead of the as PublicOrigin defined url.

options.SPOptions.EntityId = new EntityId("https://service.company.com");
options.SPOptions.ReturnUrl = new Uri("https://service.company.com/?singlesignon=true");
options.SPOptions.PublicOrigin = new Uri("https://service.company.com");

options.SPOptions.ModulePath = "/saml";

options.IdentityProviders.Add(new IdentityProvider(new EntityId("..."), options.SPOptions)
{
	LoadMetadata = true,
	MetadataLocation = "...",
	SingleSignOnServiceUrl = new Uri(".."),
	Binding = Saml2BindingType.HttpPost,
});

For the above code, the service is running on "https://proxy:9999" and available via "https://service.company.com/subsite".

When visiting "https://service.company.com" I'm authenticated and then from "https://service.company.com/saml/acs" redirected to "https://proxy:9999/subsite" instead of "https://service.company.com/subsite".

[JessieWadman]

This issue also affects TLS terminating load balancers, where the redirect immediately after completing a sign-in will cause a https to http downgrade (for the same reason as you are getting the wrong host in the redirect).