Activities of "rogercprops"

Hi,

We're woking on this but we need the HostTenantResolveContributer since we're getting the tenant from the url for our front-end application. For example: auth.agency1.mydomain.com the tenant is agency1.

We're also exposing some services via API and need to get a token. The request will have the tenant in the request header if it is not for the host. The tenant will be left off the request header if it is for the host.

We'll try temporarily following your suggestion but we'll need to put the HostTenantResolveContributer back. So please don't close this ticket until we have everything working.

Thank you,

Hi,

In the output I sent you, the Tenant was not passed because the admin userId is for the host (i.e. no tenant).

I've given you read access to the GitHub repositories oauth-api (.net API) & auth-server (Abp auth-server app)

I tried modifying the configmap for the nginx ingress controller and it still didn't work either with a tenant or without a tenant in the request.

Here's the postman request passing a tenant in node.js format . `const axios = require('axios');

let config = { method: 'post', maxBodyLength: Infinity, url: 'https://oauth.cloverleafcms.dev/Token?Tenant=TexasGuardians&ClientId=PublicAPI&ClientSecret=***&UserName=EddyFitz&Password=', headers: { } };

axios.request(config) .then((response) => { console.log(JSON.stringify(response.data)); }) .catch((error) => { console.log(error); });`

When I tried to get a token for a user in one of the SaaS tenants this is what's in the log for the AKS auth-server

024-01-08T14:27:23.291440312Z [14:27:23 INF] Request finished HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/jwks - - - 200 1652 application/json;charset=UTF-8 10.7121ms 2024-01-08T14:27:23.340415663Z [14:27:23 INF] Request starting HTTP/1.1 POST http://authserver.cloverleafcms.dev/connect/token application/x-[www-form-urlencoded 361](http://www-form-urlencoded 361) 2024-01-08T14:27:23.341995658Z [14:27:23 INF] The request URI matched a server endpoint: Token. 2024-01-08T14:27:23.342031258Z [14:27:23 INF] The token request was successfully extracted: { 2024-01-08T14:27:23.342038958Z "grant_type": "password", 2024-01-08T14:27:23.342043558Z "username": "EddyFitz", 2024-01-08T14:27:23.342050958Z "password": "[redacted]", 2024-01-08T14:27:23.342816056Z "scope": "address email phone profile roles AccountService IdentityService AdministrationService SaasService ClientService ServicesService ClientServiceQueryService UserInfoQueryService DocumentService GuardianshipService NotesService ContactService EngagementLogService DocTemplateService FinancialsService", 2024-01-08T14:27:23.342856056Z "client_id": "PublicAPI", 2024-01-08T14:27:23.346486645Z "client_secret": "[redacted]" 2024-01-08T14:27:23.346807644Z }. 2024-01-08T14:27:24.199496948Z [14:27:24 INF] The token request was successfully validated. 2024-01-08T14:27:24.212204810Z [14:27:24 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2024-01-08T14:27:24.213356906Z [14:27:24 INF] Route matched with {action = "Handle", controller = "Token", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.TokenController (Volo.Abp.OpenIddict.AspNetCore). 2024-01-08T14:27:24.213624105Z [14:27:24 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2024-01-08T14:27:24.228731859Z [14:27:24 INF] Try to use LDAP for external authentication 2024-01-08T14:27:24.255050379Z [14:27:24 WRN] Ldap login feature is not enabled! 2024-01-08T14:27:24.257459872Z [14:27:24 INF] Try to use OAUTH for external authentication 2024-01-08T14:27:24.261001161Z [14:27:24 WRN] OAuth login feature is not enabled! 2024-01-08T14:27:24.515941685Z [14:27:24 INF] No user found matching username: EddyFitz 2024-01-08T14:27:24.566320632Z [14:27:24 INF] Executing ForbidResult with authentication schemes (["OpenIddict.Server.AspNetCore"]). 2024-01-08T14:27:24.566390331Z [14:27:24 INF] The response was successfully returned as a JSON document: { 2024-01-08T14:27:24.566416131Z "error": "invalid_grant", 2024-01-08T14:27:24.566422131Z "error_description": "Invalid username or password!", 2024-01-08T14:27:24.566426931Z "error_uri": "https://documentation.openiddict.com/errors/ID2024" 2024-01-08T14:27:24.566431731Z }. 2024-01-08T14:27:24.566436331Z [14:27:24 INF] AuthenticationScheme: OpenIddict.Server.AspNetCore was forbidden. 2024-01-08T14:27:24.566442731Z [14:27:24 INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 348.651ms 2024-01-08T14:27:24.579174992Z [14:27:24 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2024-01-08T14:27:24.661847341Z [14:27:24 INF] Request finished HTTP/1.1 POST http://authserver.cloverleafcms.dev/connect/token application/x-[www-form-urlencoded 361](http://www-form-urlencoded 361) - 400 155 application/json;charset=UTF-8 1321.5275ms 20

Here's the code for the .net API that uses the IdentityModel.Client;

`using IdentityModel.Client; using OauthToken.Models;

namespace OauthToken.Services { public class TokenService : ITokenService { private readonly IConfiguration _configuration;

    public TokenService(IConfiguration configuration)
    {
        _configuration = configuration;
    }
    public async Task<TokenRequestResponse?> GetAccessToken(string? Tenant, string ClientId, string ClientSecret, string UserName, string Password)
    {
        var apiEndpoint = _configuration.GetValue<string>("AuthServiceBaseUrl");
        var Scope = _configuration.GetValue<string>("Scope");
        var discoveryCache = new DiscoveryCache(apiEndpoint);
        var disco = await discoveryCache.GetAsync();
        var client = new HttpClient();

        var passwordTokenRequest = new PasswordTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = ClientId,
            ClientSecret = ClientSecret,
            UserName = UserName,
            Password = Password,
            Scope = Scope
        };

        if (Tenant != null) passwordTokenRequest.Headers.Add("__tenant", Tenant);
        var tokenResponse = await client.RequestPasswordTokenAsync(passwordTokenRequest);
        
        TokenRequestResponse tokenRequestResponse = new();

        if (tokenResponse.IsError)
        {
            tokenRequestResponse.ErrorCode = (int)tokenResponse.HttpResponse.StatusCode;
            tokenRequestResponse.Error = tokenResponse.ErrorDescription;
        }
        else
        {
            tokenRequestResponse.AccessToken = tokenResponse.AccessToken;
            tokenRequestResponse.RefreshToken = tokenResponse.RefreshToken;
            tokenRequestResponse.ExpiresIn = tokenResponse.ExpiresIn;
        }

        return tokenRequestResponse;
    }
}

}`

Hi,

As I said, the databases are exactly the same. The database is SQL server running in a vm. localhost appsettings.json "ConnectionStrings": { "IdentityService": "Server=40.124.37.230;Database=CloverleafCMS_Identity;User Id=*;password=;MultipleActiveResultSets=true;TrustServerCertificate=True",

auth-sever aks deployment manifest - name: "ConnectionStrings__IdentityService" value: "Server=40.124.37.230;Database=CloverleafCMS_Identity;User Id=;password=;TrustServerCertificate=True"

Where specifically do I put these lines of code? What service or application? What cs file? etc.

Hi,

Can you be more specific about what you mean? It's not real clear from the link to the source code.

Thank you

Here it is: [13:42:17 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - [13:42:17 INF] CORS policy execution successful. [13:42:17 INF] The request URI matched a server endpoint: Configuration. [13:42:17 INF] The configuration request was successfully extracted: {}. [13:42:17 INF] The configuration request was successfully validated. [13:42:17 INF] The response was successfully returned as a JSON document: { "issuer": "https://authserver.cloverleafcms.dev/", "authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/authorize", "token_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/token", "introspection_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/introspect", "end_session_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/logout", "revocation_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/revocat", "userinfo_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/userinfo", "device_authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/device", "jwks_uri": "https://auth.txguardians.cloverleafcms.dev/.well-known/jwks", "grant_types_supported": [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code", "LinkLogin", "Impersonation" ], "response_types_supported": [ "code", "code id_token", "code id_token token", "code token", "id_token", "id_token token", "token", "none" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access", "email", "profile", "phone", "roles", "address", "AccountService", "IdentityService", "AdministrationService", "SaasService", "ClientService", "ServicesService", "ClientServiceQueryService", "UserInfoQueryService" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "introspection_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "revocation_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }. [13:42:17 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2313 application/json;charset=UTF-8 8.9659ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - [13:42:18 INF] The request URI matched a server endpoint: Logout. [13:42:18 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:42:18 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login. [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - - 302 0 - 3.9412ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [13:42:18 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 36.7005ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 44.9802ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 58.0027ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - - 304 - text/css 0.6481ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - - 304 - application/javascript 0.9618ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 2.6807ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - - 200 158 application/javascript 24.4625ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - - 302 0 - 13.6779ms [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 84.8822ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - - 200 8397 application/javascript 99.8249ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml. [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 185.967ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 75987 application/javascript 207.3579ms [13:42:18 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 40.9456ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 49.9008ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 72.4962ms

Thanks. That answered the question.

We modified the tenant resolver to read from a database table to get the tenant based on the full URL. Happy to share it with others.

Hi,

Thanks.

It worked for the Redirect Url but not the PostLogoutRedirectUrls.

Here's the error from the logs: [13:16:29 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:16:29 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.

And this is the code in the authserver module:

        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/silent-refresh");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/login");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/signout-callback-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:9000/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:9000/auth/signout-callback-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:44321/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:44321/signout-callback-oidc");
        });

Am I missing something?

Thank you for response but let me point out a couple of points since I was trying to use the eshopOnAbp demo source code as a reference:

• I followed the instructions in the root folder readme.md and when I ran tye-run it got to line 66 of the tye.yaml file it aborted with the message Error parsing tye.yaml: (66, 7): Path "abpTemplates/eShopOnAbp/.env" was not found.

Because of course there is no .env in the root directory. I'm assuming it's because there are sensitive values in your .env file that you don't want on GitHub. So it would be nice to either have something in the readme.md file with what needs to be included or a .env template with the sensitive values left out.

• There is no elasticsearch directory in the helm charts of the eshopOnAbp and in the authserver values.yaml file this is what's under the config property: elasticsearchHost: #

• In the microservices template /etc/k8s helm charts all of the values are #, it leaves the developer to figure out what each property is used for and then figure out what value to insert. A lot of that can be extrapolated from the appsettings.json files but it would be nice to have comments in the values file with some examples/instructions for filling out. For example this is from the authserver values.yaml file: config: selfUrl: # corsOrigins: # allowedRedirectUrls: # disablePii: # identityService: connString: # administrationService: connString: # saasService: connString: # authServer: authority: # requireHttpsMetadata: # swaggerClientId: # dotnetEnv: # redisHost: # rabbitmqHost: # elasticsearchUrl: # I would only ask if you're going to provide a template based on a solution you have running in a cloud Kubernetes environment that a) The documentation is complete and accurate. b) If the documentation is complete and accurate it actually works when you follow the instructions

Sorry to be negative, but I wanted to provide some feedback on what would help my team and other companies as well.