In my dev environment, the auth server has an invalid SSL cert. When my client tries to get the OpenId config from https://auth-server/.well-known/openid-configuration, I get the following error:

WinHttpException: A security error occurred
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

HttpRequestException: An error occurred while sending the request.
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

IOException: IDX10804: Unable to retrieve document from: 'https://auth-server/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+<GetDocumentAsync>d__8.MoveNext()

InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://auth-server/.well-known/openid-configuration'.

Here is how I configure IdentityServer4:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = authority;
        options.SupportedTokens = SupportedTokens.Jwt;
        options.ApiSecret = secret;
        //change this to true for SSL
        options.RequireHttpsMetadata = false;
    });

Is there any way to disable cert validation in this scenario?

Zeus82
  • If you are in the dev environment, why don't you use http://auth-server/.well-known/openid-configuration? –  Apr 12 '18 at 16:25
  • I'm assuming you mean 'http' instead of 'https'. Unfortunately, I don't have control over that. – Zeus82 Apr 12 '18 at 16:26
  • It seems to me that this should work: https://stackoverflow.com/questions/42712844/ignore-bad-certificate-net-core –  Apr 12 '18 at 16:32
  • What happens if you put http://auth-server/.well-known/openid-configuration in a browser with the identity server running? Have you checked its logs? – Linda Lawton - DaImTo Apr 13 '18 at 07:23

0 Answers