We are deploying our ABP-based application (layered app) using two microservices in Kubernetes: an Auth Server and a Host API.
In the Host API, we configure JWT authentication using AddAbpJwtBearer() with Authority and the MetadataAddress, which points to the internal service address of the Auth Server.
This is the IdentityModel log:
[Error]06/29/2025 12:45:16 Message: IDX20804: Unable to retrieve document from: 'https://auth/.well-known/openid-configuration'., InnerException: The SSL connection could not be established, see inner exception.
[Error]06/29/2025 12:45:16 Message: IDX20806: Unable to obtain an updated configuration from: 'https://auth/.well-known/openid-configuration'. Returning the current configuration. Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://auth/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.SendAndRetryOnNetworkErrorAsync(HttpClient httpClient, Uri uri)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)., InnerException: IDX20804: Unable to retrieve document from: 'https://auth/.well-known/openid-configuration'.
[Error]06/29/2025 12:45:16 Message: IDX20803: Unable to obtain configuration from: 'https://auth/.well-known/openid-configuration'. Will retry at '1/1/0001 12:00:00 AM +00:00'. Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://auth/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.
We already tried this solution, as I mentioned earlier. We spent a lot of time trying to fix it, but the token is still not validated. Please provide us with a tested solution, because in the microservice template this portion is not configured well:
options.TokenValidationParameters = new TokenValidationParameters
{
    ValidIssuers = new[] { configuration["AuthServer:Authority"].EnsureEndsWith('/') }
};
Environment: ABP latest version, separated Auth, Angular app and .NET 9 Host API
We are deploying our ABP-based application using two microservices in Kubernetes: an Auth Server and a Host API.
In the Host API, we configure JWT authentication using AddAbpJwtBearer() with Authority and MetadataAddress pointing to the internal service address of the Auth Server, like so:
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddAbpJwtBearer(options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') + ".well-known/openid-configuration";
        options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
        options.Audience = configuration["AuthServer:Audience"];
    });
Problem:
Although the token is successfully returned after login, it fails validation in the Host API.
We receive this error when ValidateIssuer is enabled:
IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null.
When setting ValidateIssuer = false:
options.TokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuer = false, // or true with the correct issuer, also not working
};
We then get: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
Even after setting ValidateIssuerSigningKey = false, token validation still fails, and no response is returned from the API. The Angular app remains stuck after login, and Swagger also returns unauthorized.
So, how do we use MetadataAddress as an inner address and validate the token?
We couldn't upload our code because it is a restricted environment.
Sorry, I can't send a template via email because the environment that the developers work in is restricted,
but you can share with me one template that is working using the Hangfire dashboard with separate OAuth, because even on the new project template the dashboard does not open when I add the authorization option to the dashboard. So please share a working solution with the correct client configuration so that we can follow it.
This is the last log:
2025-06-12 14:51:34.287 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 14:51:34.289 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44349/signin-oidc - 302 null null 471.4384ms
2025-06-12 14:51:34.297 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 14:51:34.368 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 14:51:34.376 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 78.6224ms
2025-06-12 14:51:34.600 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
The problem is that the page is still loading and does not redirect to the Hangfire page. It is stuck on this URL and still loading:
https://localhost:44371/connect/authorize?client_id=SmartClinicPro_HangeFire&redirect_uri=https%3A%2F%2Flocalhost%3A44349%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20SmartClinicPro&response_mode=form_post&nonce=638853224287721216.M2EyYzJlMjUtMmM5Zi00MTJlLWI5MWUtNDViYWFjNmUyZWFiMjRkMDQyMzQtZjA4OS00MzQwLTgxMDEtZTY0YTU2NmRhOWI4&state=CfDJ8CsR7lfmb1dNrxhuAn0fof5v61ZVPkbjyuLPC9SaRtKNxwaiTJvhWZ_4w13npyJMF0nxOn8SV3uA5bZGjGeRz4RYmIGNRVLsImwLz6XjDuUiKbXzaf-8sIWcWMn4QdShAxz4_54QVL0t0c7ZHnG5Lqq7xwbznTxvbQzhSqj3MYQMRI5YOtlN6o5rGiRB-egFXX7ZQY0ybIuSx9qey9cBxl4jQcxetxk_gctFDPNOi0rYOgUYJUrTKnuDfT7WVh0AUTyMrmbMAVcwtKWNmiW4jr46s_SvqpJviWyt7MSyyH8y6dKfzZtuCSVN9G4tShxcTQ&x-client-SKU=ID_NET9_0&x-client-ver=8.1.0.0
Note: Auth is separated.
I updated the Redirect URI to: ["https://localhost:44349/signin-oidc"]. It now redirects to the login page, but after I entered the credentials and logged in, the page does not return to Hangfire; it enters a loop and the page is still loading. Auth server URL: https://localhost:44371
https://localhost:44371/connect/authorize?client_id=SmartClinicPro_HangeFire&redirect_uri=https%3A%2F%2Flocalhost%3A44349%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20SmartClinicPro&response_mode=form_post&nonce=638853180483794824.ZTNjMDc0OTAtMWE2My00ZjE4LWEwNjMtMjE4N2YyNTQ4MDI5MWM0NWQzYzUtODQ1NC00NDhmLTk4YjMtMzc4Njk3OWJjNzY1&state=CfDJ8CsR7lfmb1dNrxhuAn0fof7e1GXEb5NBASVG61OVD1_kwMVd34x_Xa1bYIGVQ1oGTa1hEyXsXtRk694MXUP3gaURhRawDxEGHNCQDlvGGgl3HHc9T2UhACukLFB5-gNDScoDoosQRovetQIjX0fZYC4WUMr_zS9K8dBZGMRzvn20k-Sc39i3_zHiXWZoMYYuQsoMcfcutdflgCYgYT6Luu-NGcc_-JUEtm7f4tHyIhpT0Crq4t5xbh2b7TcA6lKFzTwOkO3rE0uqbLE8p53pGLk8NqDuyeFGtSgZAvC08bnC9mMkuCkYN_Z0L6fCAl6Tyw&x-client-SKU=ID_NET9_0&x-client-ver=8.1.0.0
And these are the last logs:
2025-06-12 13:44:15.982 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:15.984 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 4.2466ms
2025-06-12 13:44:16.159 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:16.161 +04:00 [INF] CORS policy execution failed.
2025-06-12 13:44:16.161 +04:00 [INF] Request origin https://localhost:44371 does not have permission to access the resource.
2025-06-12 13:44:16.351 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:16.353 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44349/signin-oidc - 302 null null 193.6292ms
2025-06-12 13:44:16.358 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:16.361 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:16.365 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 6.296ms
2025-06-12 13:44:16.546 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:16.547 +04:00 [INF] CORS policy execution failed.
2025-06-12 13:44:16.547 +04:00 [INF] Request origin https://localhost:44371 does not have permission to access the resource.
2025-06-12 13:44:16.740 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:16.741 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44349/signin-oidc - 302 null null 195.7864ms
2025-06-12 13:44:16.746 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:16.748 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:16.750 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 3.971ms
2025-06-12 13:44:16.942 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:16.943 +04:00 [INF] CORS policy execution failed.
2025-06-12 13:44:16.943 +04:00 [INF] Request origin https://localhost:44371 does not have permission to access the resource.
2025-06-12 13:44:17.114 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:17.116 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44349/signin-oidc - 302 null null 173.9596ms
2025-06-12 13:44:17.121 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:17.124 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:17.126 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 5.5092ms
2025-06-12 13:44:17.326 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:17.328 +04:00 [INF] CORS policy execution failed.
2025-06-12 13:44:17.328 +04:00 [INF] Request origin https://localhost:44371 does not have permission to access the resource.
2025-06-12 13:44:17.547 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:17.550 +04:00 [INF] Request finished HTTP/2 POST https://localhost:44349/signin-oidc - 302 null null 223.8674ms
2025-06-12 13:44:17.554 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:17.556 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:17.558 +04:00 [INF] Request finished HTTP/2 GET https://localhost:44349/hangfire - 302 null null 3.5208ms
2025-06-12 13:44:17.742 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:17.743 +04:00 [INF] CORS policy execution failed.
2025-06-12 13:44:17.743 +04:00 [INF] Request origin https://localhost:44371 does not have permission to access the resource.
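A small detector for the redirect loop visible in the log above, as an added example that is not part of the original post or of ABP: it counts how often a sign-in is followed by a GET of the protected path that is challenged again, and reports which scheme signed the user in and which scheme issued the challenge. The function name, the `/hangfire` default and the threshold are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: two cycles, trimmed from the log lines quoted in the post above.
SAMPLE_LOG = """\
2025-06-12 13:44:15.982 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:16.159 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:16.351 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:16.358 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:16.361 +04:00 [INF] AuthenticationScheme: oidc was challenged.
2025-06-12 13:44:16.546 +04:00 [INF] Request starting HTTP/2 POST https://localhost:44349/signin-oidc - application/x-www-form-urlencoded 1724
2025-06-12 13:44:16.740 +04:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-06-12 13:44:16.746 +04:00 [INF] Request starting HTTP/2 GET https://localhost:44349/hangfire - null null
2025-06-12 13:44:16.748 +04:00 [INF] AuthenticationScheme: oidc was challenged.
"""

AUTH_EVENT = re.compile(
    r"AuthenticationScheme: (?P<scheme>\S+) (?P<action>was challenged|signed in)\.")
REQUEST_START = re.compile(r"Request starting \S+ (?P<method>[A-Z]+) (?P<url>\S+)")


def find_auth_loop(log_text, protected_path="/hangfire", threshold=2):
    """Count 'signed in -> GET protected path -> challenged again' cycles.

    Returns None below `threshold`, otherwise a dict naming the scheme that
    signed the user in and the scheme that challenged the follow-up request.
    """
    cycles = Counter()   # (signed_in_scheme, challenged_scheme) -> count
    signed_in = None     # scheme of the most recent sign-in, if any
    requested = False    # protected path was requested after that sign-in
    for line in log_text.splitlines():
        event = AUTH_EVENT.search(line)
        if event and event["action"] == "signed in":
            signed_in, requested = event["scheme"], False
        elif event and signed_in and requested:
            # A challenge right after a successful sign-in: one loop iteration.
            cycles[(signed_in, event["scheme"])] += 1
            signed_in, requested = None, False
        elif not event:
            req = REQUEST_START.search(line)
            if (req and signed_in and req["method"] == "GET"
                    and req["url"].split("?")[0].endswith(protected_path)):
                requested = True
    if not cycles:
        return None
    (signed, challenged), count = cycles.most_common(1)[0]
    if count < threshold:
        return None
    return {"cycles": count, "signed_in_scheme": signed,
            "challenged_scheme": challenged, "scheme_mismatch": signed != challenged}


if __name__ == "__main__":
    print(find_auth_loop(SAMPLE_LOG))
```
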
Hello, we need to add authentication to the AbpHangfireDashboard. We are using ABP with separated Auth, API and Angular. I followed the documentation to add cookie authorization:
context.Services.AddAuthentication()
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.ClientId = configuration["AuthServer:ClientId"];
        options.ClientSecret = configuration["AuthServer:ClientSecret"];
        options.UsePkce = true;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("roles");
        options.Scope.Add("email");
        options.Scope.Add("phone");
        options.Scope.Add("MyProjectName");
    });
But when I run the project it gives me this error:
error:invalid_request
error_description:The specified 'redirect_uri' is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043
culture:en
ui-culture:en
Kindly provide me with all the client settings, because the documentation doesn't mention the client settings or grant type needed to authenticate /hangfire.
We need to add a new language to our system (Croatia). We created the resource file and added our application resources, but for the ABP modules, how can we add a new language resource file or values to each module? For example, the Identity module.
Any update?
2025-05-15 12:16:41.400 +04:00 [ERR] An exception occurred while iterating over the results of a query for context type 'Volo.Saas.EntityFrameworkCore.SaasDbContext'.
System.ArgumentException: Couldn't set trusted_connection (Parameter 'trusted_connection')
---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at Npgsql.NpgsqlConnectionStringBuilder.GeneratedActions(GeneratedAction action, String keyword, Object& value)
at Npgsql.NpgsqlConnectionStringBuilder.set_Item(String keyword, Object value)