OIDC doesn't support multiple domains

[WnP]

Expected behavior and actual behavior:

Allow OIDC client to support multiple domains.

Context

Two replicated Harbor instances, such as:

• a.harbor.domain.tld
• b.harbor.domain.tld

The live instance running under harbor.domain.tld with failover between the two instances in case one of them is unavailable.

In this context, both OIDC settings of Harbor instances require both domains:

• a.harbor.domain.tld and harbor.domain.tld
• b.harbor.domain.tld and harbor.domain.tld

This way the failover would be smooth and both instances would be accessible via both domains with OIDC support.

The issue

Currently this is not possible because the redirect URL is calculated using extEndpoint.

[reasonerjt]

Could you please elaborate on what you mean by In this context, both OIDC settings of Harbor instances require both domains?

For fail-over case, I assume one domain harbor.domain.tld is sufficient?

[WnP]

If you have a fail over instance that means you also have replication setup between both instances.

So one domain (harbor.domain.tld) is used for the fail over, while the other one ([a|b].harbor.domain.tld) is used for replication and other ops task (terraform, etc.).