- ABP Framework version: v7.3.2
- UI Type: MVC
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
When deploying to Docker and calling another microservice using "Synchronous Communication between Microservices", the error below occurs.
I need help.
```
[03:41:42 INF] Sending HTTP request GET https://1.1.1.1:55555/.well-known/openid-configuration
[03:41:42 ERR] ---------- RemoteServiceErrorInfo ----------
{
  "code": null,
  "message": "An internal error occurred during your request!",
  "details": null,
  "data": {},
  "validationErrors": null
}
[03:41:42 ERR] Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://1.1.1.1:55555/.well-known/openid-configuration. The SSL connection could not be established, see inner exception..
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://1.1.1.1:55555/.well-known/openid-configuration. The SSL connection could not be established, see inner exception..
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
   at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at SCH.AdminPortalService.Projects.ProjectClientProxy.GetListAsync(GetProjectsInput input) in /var/lib/jenkins/workspace/SmartCloudHub-Docker/services/adminPortal/src/SCH.AdminPortalService.HttpApi.Client/ClientProxies/SCH/AdminPortalService/Projects/ProjectClientProxy.Generated.cs:line 22
   at lambda_method1500(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
[03:41:42 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'.
```
4 Answer(s)
-
0
Hi,
please check this similar issue https://support.abp.io/QA/Questions/4558/The-SSL-connection-could-not-be-established-see-inner-exception--BLAZOR-SERVER
also check this discussion https://github.com/abpframework/abp/issues/11844
thanks
-
0
In the MVC/BlazorServer apps, you can see a configuration as below under the OpenIdConnect configuration:
```csharp
// Applied only when the app runs in containers (AuthServer:IsOnK8s = true).
if (Convert.ToBoolean(configuration["AuthServer:IsOnK8s"]))
{
    context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
    {
        // Discovery document is fetched from the address in AuthServer:MetaAddress.
        options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
                                  ".well-known/openid-configuration";

        var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
        options.Events.OnRedirectToIdentityProvider = async ctx =>
        {
            // Intercept the redirection so the browser navigates to the right URL in your host
            ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";

            if (previousOnRedirectToIdentityProvider != null)
            {
                await previousOnRedirectToIdentityProvider(ctx);
            }
        };

        var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
        options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
        {
            // Intercept the redirection for signout so the browser navigates to the right URL in your host
            ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";

            if (previousOnRedirectToIdentityProviderForSignOut != null)
            {
                await previousOnRedirectToIdentityProviderForSignOut(ctx);
            }
        };
    });
}
```
You should be setting [AuthServer:IsOnK8s] to true since you are running it on containers, which means you will be logging in through the browser but obtaining/validating the tokens through the internal network. Set the [AuthServerMetaAddress] to real DNS. Set the [AuthServerMetaAddress] to internal docker service address.
-
0
Hi,
please check this similar issue https://support.abp.io/QA/Questions/4558/The-SSL-connection-could-not-be-established-see-inner-exception--BLAZOR-SERVER
also check this discussion https://github.com/abpframework/abp/issues/11844
thanks
Thank you for your help.
I checked it, and the general web - gateway - service route works well, but this phenomenon only occurs in communication between microservices.
-
0
Okay, now I understand.
First, for microservice-to-microservice calls, we introduced Integration Services. We strongly recommend using integration services for this kind of usage.
If you want to keep using existing authorized endpoints, you probably have IdentityClient configuration as below:
```json
"IdentityClients": {
  "Default": {
    "GrantType": "client_credentials",
    "ClientId": "BookStore_OrderService",
    "ClientSecret": "1q2w3e*",
    "Authority": "https://localhost:44322", // -> On production this must be the internal service name
    "Scope": "ProductService"
  }
}
```
Instead of using https://10.200.40.25:44322, try using docker service name, something like http://myauthservice. The token validation etc should be (will be) done through the internal network.
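
A pre-deployment check for the `IdentityClients` section discussed in this thread, as an added example (not ABP code and not from any of the posters). It classifies the three `Authority` forms that appear above; the client names `ByIp` and `Internal` and the sample settings are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: an IdentityClients section holding the three Authority
# forms that appear in this thread (client names ByIp/Internal are hypothetical).
SAMPLE_APPSETTINGS = """
{
  "IdentityClients": {
    "Default":  {"GrantType": "client_credentials", "Authority": "https://localhost:44322"},
    "ByIp":     {"GrantType": "client_credentials", "Authority": "https://10.200.40.25:44322"},
    "Internal": {"GrantType": "client_credentials", "Authority": "http://myauthservice"}
  }
}
"""

def check_authority(url):
    """Return a list of findings for one IdentityClients:*:Authority value."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return ["not an absolute http(s) URL"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS or docker service name, not an IP literal
    findings = []
    if host == "localhost" or (ip is not None and ip.is_loopback):
        findings.append("loopback: inside a container this is the calling container itself")
    elif ip is not None and parts.scheme == "https":
        findings.append("IP literal over TLS: the certificate must list this IP as a SAN")
    if parts.scheme == "http":
        findings.append("plain HTTP: token request and client secret travel unencrypted")
    return findings

def audit_identity_clients(appsettings_text):
    """Map each identity client name to the findings for its Authority."""
    clients = json.loads(appsettings_text).get("IdentityClients", {})
    return {name: check_authority(cfg.get("Authority", "")) for name, cfg in clients.items()}

if __name__ == "__main__":
    for name, findings in audit_identity_clients(SAMPLE_APPSETTINGS).items():
        print(name, "->", findings or ["ok"])
```

An `https` authority addressed by a name that the auth server's certificate covers produces no findings; the plain-HTTP finding is a reminder that the internal network then becomes the only protection for the client secret.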