Cluster configuration with IdentityServer4 #3340 | Support

mattw@agilenova.com created 2 years ago

I have deployed a dockerized, monolith deployment of ABP to an AKS cluster. When running with 1 pod, everything works. When I have > 1 pods behind a load balancer, I start getting JWT invalid / 401 errors for some requests. I am using IdentityServer4 with the default configuration.

I have enabled Redis by adding the Volo.Abp.Caching.StackExchangeRedis to my .Web csproj and updating appsettings.json to include:

"Redis": { 
 "IsEnabled": "true",
 "Configuration": "xxx.redis.cache.windows.net:6380,password=..."
}

My XXXAppWebModule.cs enables IDS using:

app.UseIdentityServer();

Is there anything else that I need to do to properly enable IDS in a clustered environment or have I completed the necessary steps?

CONFIGURATION:

ABP Framework version: v5.2.1
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no (monolith)

Thanks, Matt

1 Answer(s)

liangshiwei created 2 years ago

Support Team Fullstack Developer

Hi,

You can try to persist IDS protection keys to the Redis.

var dataProtectionBuilder = context.Services.AddDataProtection().SetApplicationName("MyProjectName");
if (!hostingEnvironment.IsDevelopment())
{
    var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);
    dataProtectionBuilder.PersistKeysToStackExchangeRedis(redis, "MyProjectName-Protection-Keys");
}

Have an answer to this question? Log in and write your answer.