I'm new to IdS4. In my case I have an IdS4 instance and a Web App that uses the Authorization Code flow for interactive authentication via OpenID Connect. Everything works fine locally. The problem appears when I publish the IdS4 to a Linux server:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
I can reach the IdS4 URLs without problems from a web browser:
https://pruebasids.xxxxx.com/ and https://pruebasids.xxxxx.com/.well-known/openid-configuration/
If I try to use https://pruebasids.xxxxx.com/connect/token to get a token using Client Credentials it works fine.
Here is my code:
Ids Client Configuration:
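// Interactive web client: authorization code flow with PKCE, plus refresh tokens.
new Client {
    ClientId = "myWebapp",
    // The literal is closed before .Sha256( ) so that the stored value is the hash of the secret.
    // NOTE(review): a secret committed to source is readable by anyone with repository access;
    // for a published server, load it from configuration or a secret store instead.
    ClientSecrets = { new Secret( "myPassword".Sha256( ) ) },
    AllowedGrantTypes = GrantTypes.Code,
    // These URIs point at a local web app (https://localhost:5444). They have to be updated
    // if the web app is ever hosted elsewhere.
    RedirectUris = { "https://localhost:5444/signin-oidc" },
    PostLogoutRedirectUris = { "https://localhost:5444/home/index" },
    // Allows the client to request refresh tokens (the offline_access scope).
    AllowOfflineAccess = true,
    AllowedScopes = { "openid", "profile", "myApi.read", "myApi.write", "role" },
    // PKCE is mandatory and the "plain" challenge method is rejected.
    RequirePkce = true,
    AllowPlainTextPkce = false,
    // No consent screen is shown for this client.
    RequireConsent = false
},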
Ids4 Startup Configuration
public void ConfigureServices(IServiceCollection services)
{
    // Registers the EF Core context, IdentityServer with in-memory configuration, and MVC.

    // The connection string is looked up inside the callback, i.e. when the options are built.
    services.AddDbContext<ApplicationContext>(options =>
    {
        options.UseSqlServer(Configuration.GetConnectionString("myDB"));
    });

    var identityServer = services.AddIdentityServer();

    // NOTE(review): AddDeveloperSigningCredential() creates a temporary signing key intended for
    // development. On a published server the token-signing key should be a persistent key or
    // certificate loaded from protected storage (e.g. via AddSigningCredential), so that it
    // survives restarts and is not left as a plain key file next to the application.
    identityServer.AddDeveloperSigningCredential();

    // Clients, resources and scopes are all served from the static Config class.
    identityServer.AddInMemoryApiResources(Config.ApiResources);
    identityServer.AddInMemoryClients(Config.Clients);
    identityServer.AddInMemoryIdentityResources(Config.IdentityResources);
    identityServer.AddInMemoryApiScopes(Config.ApiScopes);

    // Custom profile service that supplies the claims issued for a user.
    identityServer.AddProfileService<ProfileService>();

    services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Builds the IdentityServer host pipeline. Middleware order is significant and is kept as is.

    // Detailed exception pages are only enabled in the Development environment.
    // NOTE(review): there is no non-development branch here (no exception handler, no HSTS);
    // consider adding one for the published host.
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    // NOTE(review): if TLS is terminated by a reverse proxy in front of this app (not visible
    // from this snippet - confirm), the forwarded scheme/host must be honoured, e.g. with the
    // forwarded-headers middleware restricted to the known proxy. Otherwise the discovery
    // document may advertise http:// endpoints.
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();

    // Adds the IdentityServer protocol endpoints (discovery, authorize, token, ...).
    app.UseIdentityServer();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapDefaultControllerRoute();
    });
}
And finally, my Web App startup configuration:
public void ConfigureServices(IServiceCollection services)
{
    // Registers MVC, the HTTP client factory, and cookie + OpenID Connect authentication.

    // A null naming policy keeps JSON property names exactly as declared on the models.
    var mvc = services.AddControllersWithViews();
    mvc.AddJsonOptions(options => options.JsonSerializerOptions.PropertyNamingPolicy = null);

    services.AddHttpClient();

    // The local session lives in the "Cookie" scheme. Unauthenticated requests are challenged
    // through "oidc".
    var authentication = services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookie";
        options.DefaultChallengeScheme = "oidc";
    });

    authentication.AddCookie("Cookie", options =>
    {
        options.AccessDeniedPath = "/home/accessdenied";
    });

    authentication.AddOpenIdConnect("oidc", options =>
    {
        // The discovery document is downloaded by this application (server side), not by the
        // user's browser. Reaching the URL from a browser therefore does not prove that this
        // process can resolve the host, connect to it and validate its TLS certificate chain.
        // NOTE(review): the 'System.String' in IDX20803 is IdentityModel redacting the address.
        // IdentityModelEventSource.ShowPII can reveal the underlying error during local
        // debugging only. Do not work around a TLS failure by disabling certificate validation.
        options.Authority = "https://pruebasids.xxxxx.com";
        // This is the address the handler would derive from Authority by default.
        options.MetadataAddress = "https://pruebasids.xxxxx.com/.well-known/openid-configuration";

        options.ClientId = "myWebapp";
        // NOTE(review): hard-coded client secret. Read it from configuration (user secrets, an
        // environment variable or a secret store) rather than committing it to source.
        options.ClientSecret = "myPassword";

        options.AccessDeniedPath = "/home/accessdenied";
        options.SignedOutCallbackPath = "/home/index";

        // Authorization code flow with PKCE. The response comes back in the query string.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;
        options.ResponseMode = OpenIdConnectResponseMode.Query;

        // Stores the received tokens in the authentication properties, i.e. in the session
        // cookie, so the cookie must be treated as a bearer credential.
        options.SaveTokens = true;

        options.Scope.Add("myApi.read");

        // Fetch further claims from the userinfo endpoint and map the "role" claim.
        options.GetClaimsFromUserInfoEndpoint = true;
        options.ClaimActions.MapUniqueJsonKey("role", "role", "role");

        options.TokenValidationParameters.NameClaimType = "name";
        options.TokenValidationParameters.RoleClaimType = "role";
    });
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Builds the web app pipeline. Middleware order is significant and is kept as is.
    if (!env.IsDevelopment())
    {
        // Outside Development, errors go to a generic page so that exception details are not
        // shown to clients.
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    else
    {
        // Detailed exception pages are for the Development environment only.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();

    // Authentication runs before authorization so that policies see the signed-in user.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints => endpoints.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}"));
}
Please, any help is welcome.
Thanks