Open Closed

How to configure tenant resolver in order to determine current tenant by the whole domain? #5650


User avatar
0
datdv1 created

Hi ABP Support Team! We a using abp commercial

UI framework: angular

ABP Version: 7.3.2

Data access: MongoDB

Deployment: Azure Kubenetes Service

Template type: Application template, separate Authen Project

Currently, I'm Following and configured in angular application with document: https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy

When access to host tenant, it is working, however when access on tenant, it is not working. It cannot resolver issuer domain. Can you help me for this? I think because the Authen project has set config issuer domain, is that the problem?

Here is the configmap authen:

Here is the configmap angular:

Here is the configmap Host project:

Here is the configmap Authproject:


56 Answer(s)
  • User Avatar
    0
    datdv1 created

    Hi mahmut.gundogdu! Can you help me for this?

  • User Avatar
    0
    mahmut.gundogdu created

    Hi mahmut.gundogdu! Can you help me for this?

    Hi I am trying to produce.I have produced. In my senario, the backend did not resolve the tenant. So I am looking the issue. I will send the solution.

  • User Avatar
    0
    datdv1 created

    Hi mahmut.gundogdu!
    Can you help me for this?

    Hi I am trying to produce.I have produced. In my senario, the backend did not resolve the tenant. So I am looking the issue. I will send the solution.

    I'm looking forward to your response! Thank you verry much!

  • User Avatar
    0
    datdv1 created

    Hi mahmut.gundogdu Currentlt, I'm using PreConfigure with AbpOpenIddictWildcardDomainOptions. when access to tenant, It is woking resolver issuer with current tenant, However it is not https protocol.

    code is my solution:

    do you think it work?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I will confirm this. : )

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You can try only to keep one domain, It works for me.

  • User Avatar
    0
    datdv1 created

    Hi maliming!

    In my case, api server are working as expected However, angular from tenant cannot resolve issuer domain. Please support me about this case

    Here the configure in Angular application:

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The below JSON response means the tenant resolves is works. Can you share an online website URL so we can test it online?

  • User Avatar
    0
    datdv1 created

    Hi maliming! I send for you my domain information.

    host : ticoplatform.com tenant: ticogroup.com

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    What is the angular url?

    I need to reproduce the issue.

  • User Avatar
    0
    datdv1 created

    this is angular url: host : https://ticoplatform.com tenant: https://ticogroup.com

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    btw you can only call AddDomainTenantResolver once. Otherwise one of them will not work

  • User Avatar
    0
    datdv1 created

    Hi maliming! Can you explain it to me in more detail?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    The DomainTenantResolveContributor always breaks the resolve process. It always has a tenant value.

    So the second one will not be working anymore.

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/DomainTenantResolveContributor.cs#L36

    You can add your DomainTenantResolveContributor to change this behavior.

  • User Avatar
    0
    datdv1 created

    Hi maliming! Yea, I added custom resolver domain class

    Here is the my code:

    Can you help me see it?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The key point is: If you confirm you have found a valid tenant, then set context.Handled = true; and return a tenant name.

  • User Avatar
    0
    datdv1 created

    Hi maliming! Yea, I'm sure Handle variable has set value equals true and return a tenant name.

    You can see the screen shot!

  • User Avatar
    0
    datdv1 created

    Hi maliming! I add this like below code. But I'm having problem on anglar application. Still the same problem I mentioned above.

    Can you help me for this?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You don't need to clear all the resolvers.

    You can add your Contributor after CurrentUserTenantResolveContributor

    options.TenantResolvers.InsertAfter(
        r => r is CurrentUserTenantResolveContributor,
        new DomainTenantResolveContributor(domainFormat)
    );
    

    Please output some logs in your Contributor then check the logs to see what happened.

  • User Avatar
    0
    datdv1 created

    Hi maliming Before, I used Template Application when crete solution with single tenant. When angular application get API /.well-known/openid-configuration, the reponse is urls

    example:

    "issuer": "http://testing-auth.ticogroup.com/", "authorization_endpoint": "http://testing-auth.ticogroup.com/connect/authorize", "token_endpoint": "http://testing-auth.ticogroup.com/connect/token", "introspection_endpoint": "http://testing-auth.ticogroup.com/connect/introspect", "end_session_endpoint": "http://testing-auth.ticogroup.com/connect/logout", "revocation_endpoint": "http://testing-auth.ticogroup.com/connect/revocat", "userinfo_endpoint": "http://testing-auth.ticogroup.com/connect/userinfo", "device_authorization_endpoint": "http://testing-auth.ticogroup.com/device", "jwks_uri": "http://testing-auth.ticogroup.com/.well-known/jwks",

    As you see, all url have http protocol. So I configure PreConfigure OpenIddictServerBuilder to set fixed value urls with https protocol

    Here is the my code:

    builder .SetAuthorizationEndpointUris(configuration["AuthServer:Authority"] + "/connect/authorize", "/connect/authorize", configuration["AuthServer:Authority"] + "/connect/authorize/callback", "/connect/authorize/callback") // /.well-known/oauth-authorization-server // /.well-known/openid-configuration //.SetConfigurationEndpointUris() // /.well-known/jwks .SetCryptographyEndpointUris(configuration["AuthServer:Authority"] + "/.well-known/jwks", "/.well-known/jwks") .SetDeviceEndpointUris(configuration["AuthServer:Authority"] + "/device", "/device") .SetIntrospectionEndpointUris(configuration["AuthServer:Authority"] + "/connect/introspect", "/connect/introspect") .SetLogoutEndpointUris(configuration["AuthServer:Authority"] + "/connect/logout", "/connect/logout") .SetRevocationEndpointUris(configuration["AuthServer:Authority"] + "/connect/revocat", "/connect/revocat") .SetTokenEndpointUris(configuration["AuthServer:Authority"] + "/connect/token", "/connect/token") .SetUserinfoEndpointUris(configuration["AuthServer:Authority"] + "/connect/userinfo", "/connect/userinfo") .SetVerificationEndpointUris(configuration["AuthServer:Authority"] + "/connect/verify", "/connect/verify");

    Currently, My Project is implementing multiteancy and resolver tenant with domain.

    Host: angualr: https://ticoplatform.com authen: https://testing-auth.ticoplatform.com api: https://testing-api.ticoplatform.com

    tenant: angualr: https://ticogroup.com authen: https://testing-auth.ticogroup.com api: https://testing-api.ticogroup.com

    So above code cannot work, Because above code has fixed value. Can you guild for me any solution for automatic resolve value with tenant and https protocol. Because domain not contains https protocol the angular application have blocked domain.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    As you see, all url have http protocol.

    You can add a middleware force set the scheme as https

    app.Use((httpContext, next) =>
    {
        httpContext.Request.Scheme = "https";
        return next();
    });
    
  • User Avatar
    0
    datdv1 created

    Hi maliming! Thank you for supporting me! My Authen service can automaticaly resolve issuer with tenant name and protocol is https But I cannot login on tenant (angular application). After that login successfully, you can see API get token is successfully. But I cannot redirect to home page on angular application.

    Host:
    angualr: https://ticoplatform.com
    authen: https://testing-auth.ticoplatform.com
    api: https://testing-api.ticoplatform.com
    
    tenant:
    angualr: https://ticogroup.com
    authen: https://testing-auth.ticogroup.com
    api: https://testing-api.ticogroup.com
    

    In Opposite, Host tenant has login successfully and redirect to home page of angular application.

    Can you help me for this?

  • User Avatar
    0
    datdv1 created

    Hi maliming! Can you help me for this? I need this part urgently!

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The token has returned, I guess this is an angular issue. Our angular team will reply to you ASAP. : )

  • User Avatar
    0
    datdv1 created

    Thanks for maliming! I Looking forward to angular team response!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11