Our client application is https://rise-test ,our identity server is https://rise-identity-test and our api host is https://api-internal-test/rise , api gateway is https://api-internal-test and the endpoint are in the rise folder.
We are able to deploy the three services but IdentityServer is throwing error when we try to login: “The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.”
We follow the steps in the article(https://www.thinktecture.com/en/identityserver/prepare-your-identityserver/) and still the issue is not resolved.
How do we solve this error?
9 Answer(s)
-
0
hi
You can try this.
https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
-
0
hi
You can try this.
https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
Ours is an tiered application with Blazor Web Assembly as UI framework. • ABP Framework version: v5.3 • UI type: / Blazor Web Assembly / • DB provider: EF Core / • Tiered : Yes • Identity Server Separated : yes / • Exception message and stack trace: • Steps to reproduce the issue:"
Can you please give example of Blazor Web Assembly like you have given for MVC ? Also do we need to make any change in API Host and Identity Server?
-
0
hi
The changes only need to applied to Identity Server(AuthServer) project
-
0
hi
The changes only need to applied to Identity Server(AuthServer) project
Hi Thanks we incorporated the changes suggested.
It is getting redirected but getting the error message "There was an error trying to log you in: ''
Also in console we are getting error below error even though all the 3 (website, api host and Identity server) are over 'https'.
Can you please tell us how to resolve this and why some of the requests are insecure?
Mixed Content: The page at 'https://rise-test/' was loaded over HTTPS, but requested an insecure frame 'http://rise-identity-test.sgicorp.spencergifts.com/connect/authorize?client_id=RISE_Blazor&redirect_uri=https%3A%2F%2Frise-test%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20RISE%20role%20email%20phone&state=52bcc667a3b346f3b6f70b1d9e38929b&code_challenge=P8RPS34_eQ4cHuZXNxGRmfworoCtvaI0k7AIt4sBHU4&code_challenge_method=S256&prompt=none&response_mode=query'. This request has been blocked; the content must be served over HTTPS.
global.js?_v=637880399805903225:2 Mixed Content: The page at 'https://rise-test/authentication/login-callback?code=FAE159889501FA1719F428CAD642F83F429C27086C08D55310E4A7A5E4AB2DAD&scope=openid%20profile%20RISE%20role%20email%20phone&state=2b0797b0a3804fa49d3a7fc4493b568a&session_state=7IqqdQEVs3zbQNv46CuPS1gCuyZA51BilFQMDU1uadc.D67B5AC93067272E0AFFDCEA0881964A' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://rise-identity-test.sgicorp.spencergifts.com/connect/token'. This request has been blocked; the content must be served over HTTPS.
-
0
hi
Please check the URLs in your
appsettings.json, Maybe some are start with http -
0
hi
Please check the URLs in your
appsettings.json, Maybe some are start with httpWe check all all our url are https: in appsettings(Web, API Host and Identity Server) In below tables also we have uri's as https:// SELECT * FROM [dbo].[IdentityServerClients]
SELECT * FROM [dbo].[IdentityServerClientRedirectUris]
SELECT * FROM [dbo].[IdentityServerClientPostLogoutRedirectUris]
SELECT * FROM [dbo].[IdentityServerClientCorsOrigins]
We are able to authorize and call the API's from swagger and also we are able to login from Identity Server url.
Question: Why it is not able to login from Blazor web app? and why it is giving "There was an error trying to log you in: ''??
-
0
There was an error trying to log you in:
What are the error logs of the backend? Can you reproduce the problem with a new template? Are you using Docker?
-
0
There was an error trying to log you in:
What are the error logs of the backend? Can you reproduce the problem with a new template?
Are you using Docker?We have deployed WebApp, API and Identity server in kubernetes Cluster.
We have not tried new template as this is a application under development and we are able to deploy to Azure(Web, API and Identity Server) .But the problem is when we deploy to kubernetes Cluster we are facing problems with Login.
-
0
hi
I think it may be that some configuration of kubernetes causes the application to use the http protocol. I am not familiar with kubernetes, you can check it.
