When accessing RedirectToLogin from the service under tlb inside the enterprise, the wrong proxy ip address will appear as the callback host

[chyroc]

I deployed a service and printed the header information of the request. The X-Forwarded-Host field is an ip, which is frustrating

https://github.com/go-cas/cas/blob/v2.2.2/client.go#L113

Then the RedirectToLogin function 302 to the sso.xx.com/cas/login?service=10.x.x.x:1234/cas address, which is not the same as the callback address I set in the enterprise, resulting in authentication failure

Can we set the redirected host in some way?

[geoffgarside]

Looks like whatever is setting your X-Forwarded-Host header isn't behaving correctly, this header is intended to contain

The X-Forwarded-Host (XFH) header is a de-facto standard header for identifying the original host requested by the client in the Host HTTP request header.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host

if the Host header you're seeing on the request is correct, can you get the X-Forwarded-Host header stripped before it arrives to the CAS protected service?