Starts in:
1 DAY
11 HRS
49 MIN
34 SEC
Starts in:
1 D
11 H
49 M
34 S
Open Closed

Tenant-Id and Tenant-Name Not Set in Header After Dashboard Redirect (SSO OIDC) #8132


User avatar
0
Repunjay_TASC created
  • ABP Framework version: 8.0
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

We have a requirement where, when a client clicks on our application logo (which is already configured within their application), they should be redirected directly to the IdP's login page instead of the ABP.IO login page. After authentication with the IdP, the user should be redirected to our dashboard.

Using below ABP.IO support ticket i am successfully able to run POC project. Note :- Tenant not set in POC project.

https://abp.io/support/questions/7788/Custom-Redirection-to-third-party-IdP-Login-Page-and-Dashboard-Post-Authentication-in-ABPIO?CurrentPage=2

Error :- After integrating the same code into our existing project, we successfully authenticated with the IDP, added the user to the database, and were redirected to the dashboard. However, after a few seconds, the application automatically redirects to the logout page I have cross check log it's look like tenant not set that's why user not able to login.

For your refence please find below log

We need to set the tenant name and tenant ID headers for the dashboard redirect URL. How can we do this ?


110 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    It's mandatory to unable this OAuth Login feature ?

    This is an independent login function, you can enable or disable it, the default is disabled. If enabled you need to provide relevant configuration.


    You mean to say this is only required for MVC application ?

    It's an external/social login in MVC. You can use it if you use code flow in angular. But you are not using code flow now.


    I don't understand your current login process at all. Remote meetings won't help. You can try sharing a project that reproduces the problem. That way I can check the problem locally.

    Thanks.

  • User Avatar
    0
    Repunjay_TASC created

    hi

    It's mandatory to unable this OAuth Login feature ?

    This is an independent login function, you can enable or disable it, the default is disabled. If enabled you need to provide relevant configuration.

    Okay, my question is: I haven't been able to enable this feature, which is why we are facing this issue ?


    You mean to say this is only required for MVC application ?

    It's an external/social login in MVC. You can use it if you use code flow in angular. But you are not using code flow now.

    As per your suggestion i have made code flow from angular as well as .

    So many confusion which process need to follow.

    1. I have microservices side api as well which authenticate with IDP.

    AuthenticationScheme i have added please find below screen shot. Controller api also connect with IDP

    above code communicate with IDP get token get user info and inserted in DB as well only after redirect to dashboard facing issue .

    we already discuss this scenario earlier


    I don't understand your current login process at all. Remote meetings won't help.

    **We have a requirement where, when a client clicks on our application logo (which is already configured within their application), they should be redirected directly to the IdP's login page instead of the ABP.IO login page. After authentication with the IdP. After that we get user information from IDP insert into our DB and update roles and then user should be redirected to our dashboard. **

    1. As per your suggestion i have added angular side code as well which authenticate with IDP.

    This is code changes i have made in angular side. i] When client click login link first load home module and ngOnInit method base on condition we call IDP login API IDP Login api with connect with Third-party IDP Server(it's working as expected) ii] We have another component we handle callback url(redirect url from IDP) after that read below parameter. Also i have mention That before executing the first two [i, ii] steps, the api/abp/application-configuration endpoint is called automatically, and the access token is not passed.

    Still you are saying not using code flow now.

    We have experienced significant communication gaps, and I don't believe this approach will help us resolve our issue.

    You can try sharing a project that reproduces the problem. That way I can check the problem locally.

    Thanks.

    Due to policy restrictions, it's not possible to share my current project. Additionally, this problem cannot be reproduced in the ABP separate template because we have made many modifications to our existing project. I should also mention that we are using an older ABP template in our current project, although the version has been updated.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok.

    If I understand correctly, your angular has got an access_token

    http://localhost:4200/oidcredirect#access_token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiw
    
    1. You can try using this access token to call your website's API to verify that it is correct. For example:
    GET /api/account/my-profile 
        Authorization: Bearer <your token>
    
    1. if the access token is no problem. I will ask our angular team to use it in /api/abp/application-configuration request headers
  • User Avatar
    0
    Repunjay_TASC created

    ok i will try and update you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

  • User Avatar
    0
    Repunjay_TASC created

    ok.

    If I understand correctly, your angular has got an access_token

    http://localhost:4200/oidcredirect#access_token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiw 
    
    1. You can try using this access token to call your website's API to verify that it is correct.For example:
    GET /api/account/my-profile  
        Authorization: Bearer <your token> 
    

    The /api/account/my-profile API is used to retrieve the current user's profile information. However, the user must be present in the database for this API to return valid data.

    Currently, I authenticate users through a third-party IDP and obtain a token from them. I need to retrieve user information from the IDP, which includes the ProviderKey (User ID). After obtaining this ProviderKey, I pass it to the GetUserDetailsInfo API to fetch the authenticated user's information, which I then insert into the database.

    Once the user information is successfully inserted into the database, I should be able to call the /api/account/my-profile endpoint to retrieve the user's profile.

    Previously, we used the method await _signInManager.GetExternalLoginInfoAsync(); to get the ProviderKey (User ID), which we then used to call the GetUserDetailsInfo API and store the user information in the database.

    However, with the change in our code approach, I am currently unable to find out how to retrieve the ProviderKey in Angular.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    The ProviderKey should be returned by IDP.

    Maybe you can get it from access_token.

    You can check the claims in token. decode the token in https://jwt.io/

  • User Avatar
    0
    Repunjay_TASC created

    Ok let me check

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok,a nd you can share a token by email. liming.ma@volosoft.com

    I can check it as well.

  • User Avatar
    0
    Repunjay_TASC created

    token

    I have shared over email pls check

  • User Avatar
    0
    Repunjay_TASC created

    I have cross validate; Inside token we received Client ID not User ID

    For your information pls find attached screen shot.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    grant_type=client_credentials => The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

    You are using the client_credentials, there is no user concept in this grant type.

  • User Avatar
    0
    Repunjay_TASC created

    Can i use this grant type grant_type=authorization_code ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I'm not sure. This is your auth0 server. But I think you can use the code or password flow with auth0.

    Please refer to its document.

  • User Avatar
    0
    Repunjay_TASC created

    I am using below header parameter to get token

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I'm not sure. You can send the request and check the response.

  • User Avatar
    0
    Repunjay_TASC created
    1. You can try using this access token to call your website's API to verify that it is correct.For example:
    GET /api/account/my-profile   
        Authorization: Bearer <your token>  
    

    The /api/account/my-profile API is used to retrieve the current user's profile information. However, the user must be present in the database for this API to return valid data.

    I am now able to retrieve the user ID and, based on that, fetch user details from the Identity Provider (IDP) and successfully insert them into the database.

    However, after calling the /api/account/my-profile API, I am encountering an internal server error. I have shared the request and response details over email. Could you please cross-check whether all the headers in the request are correct? Meanwhile, I will continue investigating the issue internally.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I am encountering an internal server error.

    Can you share the error logs of the 500?


    The access_token you passed to API is not gotten from ABP. I think API doesn't recognize it.

  • User Avatar
    0
    Repunjay_TASC created

    hi

    I am encountering an internal server error.

    Can you share the error logs of the 500?


    The access_token you passed to API is not gotten from ABP. I think API doesn't recognize it.

    I received a token from a third-party IDP that one i pass, let me get token from ABP and pass inside this request.

    Can you help how to get token from ABP in angular

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Please share the error logs of the 500

  • User Avatar
    0
    Repunjay_TASC created

    shared logs over email please check

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    after calling the /api/account/my-profile API, I am encountering an internal server error.

    Please call the API a few more times and share the log. Your log seems incomplete.

    Thanks.

    You can set log level to Debug

    public class Program
    {
        public async static Task<int> Main(string[] args)
        {
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();
    
  • User Avatar
    0
    Repunjay_TASC created

    Hi ,

    shared latest log information pls check and let me know.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Are you using the gateway?

    Please check the service logs.

    500 error logs seem to be on other websites.

    [14:10:09 INF] [] Request starting "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - null null
    [14:10:09 INF] [] CORS policy execution successful.
    [14:10:09 INF] [] Handling request: /api/account/my-profile
    [14:10:09 INF] [] Handling request logProject: product
    [14:10:09 INF] [] Handling request logProjectGroupName: /ecs/product-dev-gateway
    [14:10:09 INF] [] Handling request logProject change tenant: product
    [14:10:09 INF] [Product] Executing endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
    [14:10:09 INF] [Product] Route matched with "{area = \"account\", controller = \"Profile\", action = \"Get\", page = \"\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[Volo.Abp.Account.ProfileDto] GetAsync()" on controller "Volo.Abp.Account.ProfileController" ("Volo.Abp.Account.Pro.Public.HttpApi").
    [14:10:09 INF] [Product] Executed action "Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)" in 13.5452ms
    [14:10:09 INF] [Product] Executed endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
    [14:10:09 INF] [] Finished handling request.
    [14:10:09 INF] [] Request finished "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - 500 null "application/json" 195.4187ms
    
  • User Avatar
    0
    Repunjay_TASC created

    Yes i am calling gateway api .

    this is base method right ?

    below API i have call from angular and token pass which is coming from 3rd party IDP.

    Which token need to pass this api ? ABP or 3rd party IDP. ?

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06