0
pei.chen@cpy.com.hk created
- ABP Framework version: v5.2.1
- UI type: Blazor
- DB provider: EF Core
- k8s deploy
k8 deploy, only follow the abp.io suite template (v5.2.1), and change some necessary Env settings. Add the TLS secret follow this document : https://github.com/abpframework/eShopOnAbp/tree/main/etc
Error Info:
- After click [Login] the log show:
[03:43:53 INF] Executing endpoint 'MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor)'
[03:43:53 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller MOS.Blazor.Controllers.AccountController (MOS.Blazor).
[03:43:53 INF] Executing ChallengeResult with authentication schemes (["oidc"]).
[03:43:58 INF] Executed action MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor) in 5219.8724ms
[03:43:58 INF] Executed endpoint 'MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor)'
[03:43:58 ERR] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443)
---> System.Net.Sockets.SocketException (111): Connection refused
- Gateway Web auth error: https://mos-st-gateway-web/swagger/index.html After auth: Show
- Auth ErrorTypeError: Failed to fetch
Here is my Values.yaml
# auth-server sub-chart override
authserver:
config:
selfUrl: https://mos-st-authserver
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public,https://mos-st-identity,https://mos-st-administration,https://mos-st-saas,https://mos-st-product
allowedRedirectUrls: https://mos-st-angular
identityService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-authserver
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-authserver
tag: latest
# identity-service sub-chart override
identity:
config:
selfUrl: https://mos-st-identity
corsOrigins: https://mos-st-gateway-web, https://mos-st-gateway-web-public
connectionStrings:
identityService: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
identityServerClients:
blazorServerRootUrl: https://mos-st-web/
publicWebRootUrl: https://mos-st-publicweb/
webGatewayRootUrl: https://mos-st-gateway-web/
publicWebGatewayRootUrl: https://mos-st-gateway-web-public/
identityServerResources:
accountServiceRootUrl: https://mos-st-authserver/
identityServiceRootUrl: https://mos-st-identity/
administrationServiceRootUrl: https://mos-st-administration/
saasServiceRootUrl: https://mos-st-saas/
productServiceRootUrl: https://mos-st-product/
clientServiceRootUrl: https://mos-st-client/
notificationServiceRootUrl: https://mos-st-notification/
ingress:
host: mos-st-identity
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-identity
tag: latest
# administration-service sub-chart override
administration:
config:
selfUrl: https://mos-st-administration
gatewayUrl: http://mos-st-gateway-web
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions
authority: https://mos-st-authserver
ingress:
host: mos-st-administration
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-administration
tag: latest
# saas-service sub-chart override
saas:
config:
selfUrl: https://mos-st-saas
corsOrigins: https://mos-st-gateway-web
connectionStrings:
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-saas
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-saas
tag: latest
# product-service sub-chart override
product:
config:
selfUrl: https://mos-st-product
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
productService: "Server=mos-st-sqldb,1433;Database=MOS_ProductService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-product
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-product
tag: latest
# notification-service sub-chart override
notification:
config:
selfUrl: https://mos-st-notification
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
notificationService: "Server=mos-st-sqldb,1433;Database=MOS_NotificationService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-notification
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-notification
tag: latest
# client-service sub-chart override
client:
config:
selfUrl: https://mos-st-client
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
clientService: "Server=mos-st-sqldb,1433;Database=MOS_ClientService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-client
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-client
tag: latest
# gateway-web sub-chart override
gateway-web:
config:
selfUrl: https://mos-st-gateway-web
corsOrigins: https://mos-st-web
globalConfigurationBaseUrl: http://mos-st-gateway-web
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
reRoutes:
authserver:
schema: http
host: mos-st-authserver
port: 80
identityService:
schema: # http
host: mos-st-identity
port: 80
administrationService:
schema: http
host: mos-st-administration
port: 80
saasService:
schema: # http
host: mos-st-saas
port: 80
productService:
schema: http
host: mos-st-saas
port: 80
ingress:
host: mos-st-gateway-web
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-gateway-web
tag: latest
pullPolicy: IfNotPresent
# gateway-web-public sub-chart override
gateway-web-public:
config:
selfUrl: https://mos-st-gateway-web-public
globalConfigurationBaseUrl: http://mos-st-gateway-web-public
corsOrigins: https://mos-st-publicweb
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
reRoutes:
identityService:
schema: http
host: mos-st-identity
port: 80
administrationService:
schema: http
host: mos-st-administration
port: 80
productService:
schema: http
host: mos-st-product
port: 80
ingress:
host: mos-st-gateway-web-public
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-gateway-web-public
tag: latest
pullPolicy: IfNotPresent
kibana:
config:
elasticsearchUrl: http://mos-st-elasticsearch:9200
# dbmigrator sub-chart override
dbmigrator:
config:
connectionStrings:
identityService: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
productService: "Server=mos-st-sqldb,1433;Database=MOS_ProductService;User Id=sa;password=myPassw@rd"
clientService: "Server=mos-st-sqldb,1433;Database=MOS_ClientService;User Id=sa;password=myPassw@rd"
notificationService: "Server=mos-st-sqldb,1433;Database=MOS_NotificationService;User Id=sa;password=myPassw@rd"
dotnetEnv: Staging
identityServerClients:
blazorServerRootUrl: https://mos-st-web/
publicWebRootUrl: https://mos-st-publicweb/
webGatewayRootUrl: https://mos-st-gateway-web/
publicWebGatewayRootUrl: https://mos-st-gateway-web-public/
identityServerResources:
accountServiceRootUrl: https://mos-st-authserver/
identityServiceRootUrl: https://mos-st-identity/
administrationServiceRootUrl: https://mos-st-administration/
saasServiceRootUrl: https://mos-st-saas/
productServiceRootUrl: https://mos-st-product/
clientServiceRootUrl: https://mos-st-client/
notificationServiceRootUrl: https://mos-st-notification/
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-db-migrator
tag: latest
pullPolicy: IfNotPresent
# Public Web application sub-chart override
publicweb:
config:
selfUrl: https://mos-st-publicweb
gatewayUrl: http://mos-st-gateway-web-public
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-publicweb
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-publicweb
tag: latest
pullPolicy: IfNotPresent
# Web(Blazor-Server) backoffice application sub-chart override
web:
config:
selfUrl: https://mos-st-web
gatewayUrl: http://mos-st-gateway-web
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-web
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-blazor-server
tag: latest
pullPolicy: IfNotPresent
# Default values for MOS.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
18 Answer(s)
-
0
Gateway Web auth error: https://mos-st-gateway-web/swagger/index.html After auth: Show
I am assuming it is AccountService since web-gateway swagger just shows the microservice swagger endpoints it redirects at API definitions.
The error indicates that the client is trying to reach the issuer at
mos-st-authserver:443however it should use http instead of https inside the internal network.Does this occur on web-gateway, AccountService only? Can you try other microservices over the web-gateway? Can you also try directly the microservice swagger endpoint?
-
0
It's very hard to figure out which env setting is HTTPS or HTTP. I have double-checked the template many times, but it does not work.
Any wrong setting will cause show "Not secure Page" and the log exception: 443 refused.
Does anyone have a workable sample run in k8s with abp.io v5.2.1?
-
0
Actually, this issue is the same as QA #3009 https://support.abp.io/QA/Questions/3009, but it closed.
-
0
Gateway Web auth error: https://mos-st-gateway-web/swagger/index.html After auth: Show
I am assuming it is AccountService since web-gateway swagger just shows the microservice swagger endpoints it redirects at API definitions.
The error indicates that the client is trying to reach the issuer at
mos-st-authserver:443however it should use http instead of https inside the internal network.Does this occur on web-gateway, AccountService only? Can you try other microservices over the web-gateway? Can you also try directly the microservice swagger endpoint?
After Auth: Console show 'https://mos-st-administration/swagger/index.html' was loaded over HTTPS, but requested an insecure resource 'http://mos-st-authserver/connect/token'.
the swagger is https, but we set the authserver to http...
-
0
It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.
-
0
Is this docker for desktop local kubernetes cluster you are trying to run? This seems to be related to swagger authentication. I will try to reproduce the problem. Do you have any custom configurations on ingress.yaml files?
It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.
Thank you for the suggestion. I will create an internal issue for this.
-
0
Is this docker for desktop local kubernetes cluster you are trying to run? This seems to be related to swagger authentication. I will try to reproduce the problem. Do you have any custom configurations on ingress.yaml files?
It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.
Thank you for the suggestion. I will create an internal issue for this.
Yes, I use the docker desktop for testing. No change with the ingress file, just installed the NGINX Ingress Controller according to the description.
kubernetes.io/ingress.class: "nginx"Only install the "cert-manager" in k8s but do nothing, because I just tested in the local network. Should I do something about the
letsencrypt?cert-manager.io/cluster-issuer: letsencrypt -
0
Letsencrypt won't work since you are not using real domains. Is your authserver (already accountservice) running on https?
Do you get Not secure/trusted error? Internal request to issuer endpoint can fail because of returning a not secure page.
-
0
accountservice
It works well in https://mos-st-authserver/Account/Login
But if I authorize from https://mos-st-administration/swagger/index.html , the first time it will show:
I have nothing change about the authserver project, build it with docker build (/build-images.ps1) and add the TLS secret follow this document : https://github.com/abpframework/eShopOnAbp/tree/main/etc
-
0
Letsencrypt won't work since you are not using real domains. Is your authserver (already accountservice) running on https?
Do you get Not secure/trusted error? Internal request to issuer endpoint can fail because of returning a not secure page.
Is that a way to let service call authserver with https, because all the question is base on it
This is a exception from Administration Service.
[08:30:02 INF] Request starting HTTP/1.1 GET http://mos-st-administration/api/language-management/languages/all - - [08:30:02 ERR] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'. ---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443) ---> System.Net.Sockets.SocketException (111): Connection refused at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken) at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken) --- End of inner exception stack trace ---This exception cause by I try to use postman get token from https://mos-st-authserver/ and use token to get service : https://mos-st-administration/api/language-management/languages/all
This is the payload in token:
{ "nbf": 1651826063, "exp": 1683362063, "iss": "https://mos-st-authserver", "aud": "AdministrationService", "client_id": "WebGateway_Swagger", "sub": "414da19f-8697-7bc7-089e-3a03aa97ec05", "auth_time": 1651826063, "idp": "local", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "admin", "unique_name": "admin", "preferred_username": "admin", "given_name": "admin", "role": "admin", "phone_number_verified": "False", "email": "admin@abp.io", "email_verified": "False", "name": "admin", "sid": "0112997F344EA7D0B1C09B7AB815FBE2", "iat": 1651826063, "scope": [ "AdministrationService" ], "amr": [ "pwd" ] } -
0
It is not related with the token.
Add the code below to AdministrationServiceModule
ConfigureServicesmethod to see detailed information about the OpenId error:Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;It can be a problem with swagger authorization. When you are making a request from the browser to login, you are redirected to
http://mos-st-authserver(AuthServer:Authority) however it is served under https on the browser.Maybe you can try sending a header from WebGateway Ingress and write a midware at AuthServer to redirect to https if the request is coming from the browser:
app.Use(async (ctx, next) => { if (ctx.Request.Headers.ContainsKey("from-ingress")) { ctx.Request.Scheme = "https"; return next(); } return next(); });This way, when you are making a login request from swagger, you should be redirected to
https://mos-st-authserverand the token validation Issuer will still navigate tohttp://mos-st-authserverinside the internal kubernetes network. -
0
It is not related with the token.
Add the code below to AdministrationServiceModule
ConfigureServicesmethod to see detailed information about the OpenId error:Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;It can be a problem with swagger authorization. When you are making a request from the browser to login, you are redirected to
http://mos-st-authserver(AuthServer:Authority) however it is served under https on the browser.Maybe you can try sending a header from WebGateway Ingress and write a midware at AuthServer to redirect to https if the request is coming from the browser:
app.Use(async (ctx, next) => { if (ctx.Request.Headers.ContainsKey("from-ingress")) { ctx.Request.Scheme = "https"; return next(); } return next(); });This way, when you are making a login request from swagger, you should be redirected to
https://mos-st-authserverand the token validation Issuer will still navigate tohttp://mos-st-authserverinside the internal kubernetes network.The default template contains the logic just like what you said. And I change it to "ctx.Request.Scheme = "https" and it shows the same error log.
app.Use(async (ctx, next) => { if (ctx.Request.Headers.ContainsKey("from-ingress")) { ctx.SetIdentityServerOrigin(configuration["App:SelfUrl"]); } await next(); });I use Postman to get token success and request the API in http://mos-st-administration/api/language-management/languages/all To avoid the swagger redirect, just use REST-API only. I have set all the yaml
- name: AuthServer__Authority value: http://mos-st-authserver - name: AuthServer__RequireHttpsMetadata value: 'false'but it still show the error: ---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443) I have no idea why it redirect to 443
-
0
There may be a problem with overriding the configuration in your kubernetes values files.
Do you deploy as a single helm chart and be sure that the
Values.yamlhas the correct configuration? If you are deploying applications individually, you need to update related helm chartValues.yaml.Can you also add the related code to show detailed OpenId error and rebuild/redeploy your application? There might be a clue.
-
0
There may be a problem with overriding the configuration in your kubernetes values files.
Do you deploy as a single helm chart and be sure that the
Values.yamlhas the correct configuration? If you are deploying applications individually, you need to update related helm chartValues.yaml.Can you also add the related code to show detailed OpenId error and rebuild/redeploy your application? There might be a clue.
Here is the yamls I copy from kubernetes dashboard. administration:
kind: Deployment apiVersion: apps/v1 metadata: name: mos-st-administration namespace: mos-st uid: 5e6f7465-f220-4e47-bc88-e8ef0f0b31c0 resourceVersion: '1475368' generation: 2 creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm annotations: deployment.kubernetes.io/revision: '2' meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st managedFields: - manager: helm operation: Update apiVersion: apps/v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:spec: f:progressDeadlineSeconds: {} f:replicas: {} f:revisionHistoryLimit: {} f:selector: {} f:strategy: f:rollingUpdate: .: {} f:maxSurge: {} f:maxUnavailable: {} f:type: {} f:template: f:metadata: f:labels: .: {} f:app: {} f:spec: f:containers: k:{"name":"mos-st-administration"}: .: {} f:env: .: {} k:{"name":"App__CorsOrigins"}: .: {} f:name: {} f:value: {} k:{"name":"App__SelfUrl"}: .: {} f:name: {} f:value: {} k:{"name":"AuthServer__Authority"}: .: {} f:name: {} f:value: {} k:{"name":"AuthServer__RequireHttpsMetadata"}: .: {} f:name: {} f:value: {} k:{"name":"ConnectionStrings__AdministrationService"}: .: {} f:name: {} f:value: {} k:{"name":"ConnectionStrings__SaasService"}: .: {} f:name: {} f:value: {} k:{"name":"DOTNET_ENVIRONMENT"}: .: {} f:name: {} f:value: {} k:{"name":"ElasticSearch__Url"}: .: {} f:name: {} f:value: {} k:{"name":"IdentityClients__Default__Authority"}: .: {} f:name: {} k:{"name":"RabbitMQ__Connections__Default__HostName"}: .: {} f:name: {} f:value: {} k:{"name":"Redis__Configuration"}: .: {} f:name: {} f:value: {} k:{"name":"RemoteServices__Default__BaseUrl"}: .: {} f:name: {} f:value: {} k:{"name":"StringEncryption__DefaultPassPhrase"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":80,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:imagePullSecrets: .: {} k:{"name":"regcred"}: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} - manager: dashboard operation: Update apiVersion: apps/v1 time: '2022-05-08T07:46:42Z' fieldsType: FieldsV1 fieldsV1: f:spec: f:template: f:spec: f:containers: k:{"name":"mos-st-administration"}: f:env: k:{"name":"IdentityClients__Default__Authority"}: f:value: {} - manager: kube-controller-manager operation: Update apiVersion: apps/v1 time: '2022-05-08T07:46:44Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:deployment.kubernetes.io/revision: {} f:status: f:availableReplicas: {} f:conditions: .: {} k:{"type":"Available"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"Progressing"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} f:updatedReplicas: {} subresource: status spec: replicas: 1 selector: matchLabels: app: mos-st-administration template: metadata: creationTimestamp: null labels: app: mos-st-administration spec: containers: - name: mos-st-administration image: >- 359134898311.dkr.ecr.ap-east-1.amazonaws.com/mos-service-administration:latest ports: - name: http containerPort: 80 protocol: TCP - name: https containerPort: 443 protocol: TCP env: - name: App__SelfUrl value: https://mos-st-administration - name: RemoteServices__Default__BaseUrl value: http://mos-st-gateway-web - name: App__CorsOrigins value: https://mos-st-gateway-web,https://mos-st-gateway-web-public - name: IdentityClients__Default__Authority value: http://mos-st-authserver - name: ConnectionStrings__AdministrationService value: >- Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd - name: ConnectionStrings__SaasService value: >- Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd - name: DOTNET_ENVIRONMENT value: Staging - name: Redis__Configuration value: mos-st-redis - name: AuthServer__Authority value: http://mos-st-authserver - name: AuthServer__RequireHttpsMetadata value: 'false' - name: StringEncryption__DefaultPassPhrase value: gsKnGZ041HLL4IM8 - name: RabbitMQ__Connections__Default__HostName value: mos-st-rabbitmq - name: ElasticSearch__Url value: http://mos-st-elasticsearch resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst securityContext: {} imagePullSecrets: - name: regcred schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 25% revisionHistoryLimit: 10 progressDeadlineSeconds: 600 status: observedGeneration: 2 replicas: 1 updatedReplicas: 1 readyReplicas: 1 availableReplicas: 1 conditions: - type: Available status: 'True' lastUpdateTime: '2022-05-08T04:44:27Z' lastTransitionTime: '2022-05-08T04:44:27Z' reason: MinimumReplicasAvailable message: Deployment has minimum availability. - type: Progressing status: 'True' lastUpdateTime: '2022-05-08T07:46:44Z' lastTransitionTime: '2022-05-08T04:43:48Z' reason: NewReplicaSetAvailable message: >- ReplicaSet "mos-st-administration-5bc6f6fc68" has successfully progressed. kind: Service apiVersion: v1 metadata: name: mos-st-administration namespace: mos-st uid: 4596aec0-241f-4024-98d7-836037649eb0 resourceVersion: '1458270' creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm name: mos-st-administration annotations: meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st managedFields: - manager: helm operation: Update apiVersion: v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:name: {} f:spec: f:internalTrafficPolicy: {} f:ports: .: {} k:{"port":80,"protocol":"TCP"}: .: {} f:name: {} f:port: {} f:protocol: {} f:targetPort: {} k:{"port":443,"protocol":"TCP"}: .: {} f:name: {} f:port: {} f:protocol: {} f:targetPort: {} f:selector: {} f:sessionAffinity: {} f:type: {} spec: ports: - name: '80' protocol: TCP port: 80 targetPort: 80 - name: '443' protocol: TCP port: 443 targetPort: 443 selector: app: mos-st-administration clusterIP: 10.101.5.16 clusterIPs: - 10.101.5.16 type: ClusterIP sessionAffinity: None ipFamilies: - IPv4 ipFamilyPolicy: SingleStack internalTrafficPolicy: Cluster status: loadBalancer: {} kind: Ingress apiVersion: networking.k8s.io/v1 metadata: name: mos-st-administration-ingress namespace: mos-st uid: b4eb866f-e020-4bee-9a53-05a46b5f4185 resourceVersion: '1458741' generation: 1 creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm annotations: meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-buffer-size: 32k nginx.ingress.kubernetes.io/proxy-buffers-number: '8' nginx.ingress.kubernetes.io/rewrite-target: / managedFields: - manager: helm operation: Update apiVersion: networking.k8s.io/v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:nginx.ingress.kubernetes.io/force-ssl-redirect: {} f:nginx.ingress.kubernetes.io/proxy-buffer-size: {} f:nginx.ingress.kubernetes.io/proxy-buffers-number: {} f:nginx.ingress.kubernetes.io/rewrite-target: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:spec: f:ingressClassName: {} f:rules: {} f:tls: {} - manager: nginx-ingress-controller operation: Update apiVersion: networking.k8s.io/v1 time: '2022-05-08T04:44:14Z' fieldsType: FieldsV1 fieldsV1: f:status: f:loadBalancer: f:ingress: {} subresource: status spec: ingressClassName: nginx tls: - hosts: - mos-st-administration secretName: mos-tls rules: - host: mos-st-administration http: paths: - path: / pathType: Prefix backend: service: name: mos-st-administration port: number: 80 status: loadBalancer: ingress: - hostname: localhostAnd the .net code I still use the default template.
-
0
Authserver:
kind: Deployment apiVersion: apps/v1 metadata: name: mos-st-authserver namespace: mos-st uid: fd70d8ec-d3f9-464c-b5a9-b1be44174758 resourceVersion: '1474532' generation: 1 creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm annotations: deployment.kubernetes.io/revision: '2' meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st managedFields: - manager: helm operation: Update apiVersion: apps/v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:spec: f:progressDeadlineSeconds: {} f:replicas: {} f:revisionHistoryLimit: {} f:selector: {} f:strategy: f:rollingUpdate: .: {} f:maxSurge: {} f:maxUnavailable: {} f:type: {} f:template: f:metadata: f:labels: .: {} f:app: {} f:spec: f:containers: k:{"name":"mos-st-authserver"}: .: {} f:env: .: {} k:{"name":"App__CorsOrigins"}: .: {} f:name: {} f:value: {} k:{"name":"App__RedirectAllowedUrls"}: .: {} f:name: {} f:value: {} k:{"name":"App__SelfUrl"}: .: {} f:name: {} f:value: {} k:{"name":"AuthServer__Authority"}: .: {} f:name: {} f:value: {} k:{"name":"AuthServer__RequireHttpsMetadata"}: .: {} f:name: {} f:value: {} k:{"name":"ConnectionStrings__AdministrationService"}: .: {} f:name: {} f:value: {} k:{"name":"ConnectionStrings__IdentityService"}: .: {} f:name: {} f:value: {} k:{"name":"ConnectionStrings__SaasService"}: .: {} f:name: {} f:value: {} k:{"name":"DOTNET_ENVIRONMENT"}: .: {} f:name: {} f:value: {} k:{"name":"ElasticSearch__Url"}: .: {} f:name: {} f:value: {} k:{"name":"RabbitMQ__Connections__Default__HostName"}: .: {} f:name: {} f:value: {} k:{"name":"Redis__Configuration"}: .: {} f:name: {} f:value: {} k:{"name":"StringEncryption__DefaultPassPhrase"}: .: {} f:name: {} f:value: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:ports: .: {} k:{"containerPort":80,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} k:{"containerPort":443,"protocol":"TCP"}: .: {} f:containerPort: {} f:name: {} f:protocol: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:imagePullSecrets: .: {} k:{"name":"regcred"}: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} - manager: kube-controller-manager operation: Update apiVersion: apps/v1 time: '2022-05-08T07:38:05Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:deployment.kubernetes.io/revision: {} f:status: f:availableReplicas: {} f:collisionCount: {} f:conditions: .: {} k:{"type":"Available"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"Progressing"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} f:observedGeneration: {} f:readyReplicas: {} f:replicas: {} f:updatedReplicas: {} subresource: status spec: replicas: 1 selector: matchLabels: app: mos-st-authserver template: metadata: creationTimestamp: null labels: app: mos-st-authserver spec: containers: - name: mos-st-authserver image: >- 359134898311.dkr.ecr.ap-east-1.amazonaws.com/mos-app-authserver:latest ports: - name: http containerPort: 80 protocol: TCP - name: https containerPort: 443 protocol: TCP env: - name: App__SelfUrl value: https://mos-st-authserver - name: App__CorsOrigins value: >- https://mos-st-gateway-web,https://mos-st-gateway-web-public,https://mos-st-identity,https://mos-st-administration,https://mos-st-saas,https://mos-st-product,https://mos-st-client,https://mos-st-notification - name: App__RedirectAllowedUrls value: https://mos-st-web - name: ConnectionStrings__IdentityService value: >- Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd - name: ConnectionStrings__AdministrationService value: >- Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd - name: ConnectionStrings__SaasService value: >- Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd - name: AuthServer__Authority value: http://mos-st-authserver - name: AuthServer__RequireHttpsMetadata value: 'false' - name: DOTNET_ENVIRONMENT value: Staging - name: Redis__Configuration value: mos-st-redis - name: StringEncryption__DefaultPassPhrase value: gsKnGZ041HLL4IM8 - name: RabbitMQ__Connections__Default__HostName value: mos-st-rabbitmq - name: ElasticSearch__Url value: http://mos-st-elasticsearch resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: IfNotPresent restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst securityContext: {} imagePullSecrets: - name: regcred schedulerName: default-scheduler strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 25% revisionHistoryLimit: 10 progressDeadlineSeconds: 600 status: observedGeneration: 1 replicas: 1 updatedReplicas: 1 readyReplicas: 1 availableReplicas: 1 conditions: - type: Available status: 'True' lastUpdateTime: '2022-05-08T04:44:24Z' lastTransitionTime: '2022-05-08T04:44:24Z' reason: MinimumReplicasAvailable message: Deployment has minimum availability. - type: Progressing status: 'True' lastUpdateTime: '2022-05-08T07:38:05Z' lastTransitionTime: '2022-05-08T04:43:48Z' reason: NewReplicaSetAvailable message: ReplicaSet "mos-st-authserver-786b955d9" has successfully progressed. collisionCount: 1 kind: Service apiVersion: v1 metadata: name: mos-st-authserver namespace: mos-st uid: d697633c-6212-4866-9629-957b79b182e5 resourceVersion: '1474383' creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm name: mos-st-authserver annotations: meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st managedFields: - manager: helm operation: Update apiVersion: v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:name: {} f:spec: f:internalTrafficPolicy: {} f:ports: .: {} k:{"port":80,"protocol":"TCP"}: .: {} f:name: {} f:port: {} f:protocol: {} f:targetPort: {} f:selector: {} f:sessionAffinity: {} f:type: {} spec: ports: - name: '80' protocol: TCP port: 80 targetPort: 80 selector: app: mos-st-authserver clusterIP: 10.107.232.76 clusterIPs: - 10.107.232.76 type: ClusterIP sessionAffinity: None ipFamilies: - IPv4 ipFamilyPolicy: SingleStack internalTrafficPolicy: Cluster status: loadBalancer: {} kind: Ingress apiVersion: networking.k8s.io/v1 metadata: name: mos-st-authserver-ingress namespace: mos-st uid: 1f83db9c-77d5-42e0-87b2-04c380eb2152 resourceVersion: '1458727' generation: 1 creationTimestamp: '2022-05-08T04:43:48Z' labels: app.kubernetes.io/managed-by: Helm annotations: meta.helm.sh/release-name: mos-st meta.helm.sh/release-namespace: mos-st nginx.ingress.kubernetes.io/configuration-snippet: | more_set_input_headers "from-ingress: true"; nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-buffer-size: 32k nginx.ingress.kubernetes.io/proxy-buffers-number: '8' nginx.ingress.kubernetes.io/rewrite-target: / managedFields: - manager: helm operation: Update apiVersion: networking.k8s.io/v1 time: '2022-05-08T04:43:48Z' fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:meta.helm.sh/release-name: {} f:meta.helm.sh/release-namespace: {} f:nginx.ingress.kubernetes.io/configuration-snippet: {} f:nginx.ingress.kubernetes.io/force-ssl-redirect: {} f:nginx.ingress.kubernetes.io/proxy-buffer-size: {} f:nginx.ingress.kubernetes.io/proxy-buffers-number: {} f:nginx.ingress.kubernetes.io/rewrite-target: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:spec: f:ingressClassName: {} f:rules: {} f:tls: {} - manager: nginx-ingress-controller operation: Update apiVersion: networking.k8s.io/v1 time: '2022-05-08T04:44:13Z' fieldsType: FieldsV1 fieldsV1: f:status: f:loadBalancer: f:ingress: {} subresource: status spec: ingressClassName: nginx tls: - hosts: - mos-st-authserver secretName: mos-tls rules: - host: mos-st-authserver http: paths: - path: / pathType: Prefix backend: service: name: mos-st-authserver port: number: 80 status: loadBalancer: ingress: - hostname: localhost -
0
Overriding seems okay though.
Can you share the log again after adding
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;and make a new request?It should have detailed information about this log:
[08:30:02 INF] Request starting HTTP/1.1 GET http://mos-st-administration/api/language-management/languages/all - - [08:30:02 ERR] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'. -
0
Overriding seems okay though.
Can you share the log again after adding
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;and make a new request?It should have detailed information about this log:
[08:30:02 INF] Request starting HTTP/1.1 GET http://mos-st-administration/api/language-management/languages/all - - [08:30:02 ERR] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.Thank you for your advice, after add
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;I find out the IDX20803 error caused by the AddAbpOpenIdConnect without ValidIssuers named with https. add the following code to context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>);options.TokenValidationParameters.ValidIssuers = new [] { "https://mos-st-authserver" };It works for me to call API with the token from "https://mos-st-authserver" But the swagger client auth still has the error "mixed content".
swagger-ui-bundle.js:2 Mixed Content: The page at 'https://mos-st-product/swagger/index.html' was loaded over HTTPS, but requested an insecure resource 'http://mos-st-authserver/connect/token'. This content should also be served over HTTPS.If I change the Chrome secure setting, the error change to
Access to fetch at 'http://mos-st-authserver/connect/token' from origin 'https://mos-st-product' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.Now I focus on the
blazor-server-clienthttps://mos-st-web/ . When I want to login from https://mos-st-web/ Here is the error log in auth-server[08:41:35 INF] Request starting HTTP/1.1 GET http://mos-st-authserver/connect/authorize?client_id=MOS_BlazorServer&redirect_uri=http%3A%2F%2Fmos-st-web%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20role%20email%20phone%20AccountService%20IdentityService%20AdministrationService%20SaasService%20ProductService%20ClientService%20NotificationService&response_mode=form_post&nonce=637879416953018402.YTE3YTQyNjgtMTJjNC00NzZjLWFjMmUtYjhiNDYyMDdkZmJiZjdlMjA4NWEtZDAyYi00OTFmLTk1ZWQtY2E5ZDg5OTg0NDk2&state=CfDJ8D0lQb5tKTBFn4uvn3Xu6kTrGlmQ5pIAHO9_xiwDvTtF4TXcIPLylJ5oUw6jKOI3HrO1Wa2DeNoSknjhVjluYVGkT-Ts5ddwQazu-vhuSGcykxdqXiYnFWo0l94A1EUClJBVxx_nwpxgTl31-InEMWgDY9cB5VVa9g0If-JP9_7DZYNqeKKfVGixysAzse3QQaix4BIyfnZarJ4u6ngtGuQrpvUT8Sc1nX72f6g5AEkUVWQBgcKIG_7brkMLL30U3bza7dxohmG4BmoywziAlwynG8kzcsb_1YpklsV1kQj1&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.10.0.0 - - [08:41:35 INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed [08:41:35 INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed [08:41:36 INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed [08:41:36 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize [08:41:36 INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed [08:41:36 ERR] Invalid redirect_uri: http://mos-st-web/signin-oidc {"ClientId": "MOS_BlazorServer", "ClientName": "MOS_BlazorServer", "RedirectUri": null, "AllowedRedirectUris": ["https://mos-st-web/signin-oidc"], "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"client_id": "MOS_BlazorServer", "redirect_uri": "http://mos-st-web/signin-oidc", "response_type": "code id_token", "scope": "openid profile role email phone AccountService IdentityService AdministrationService SaasService ProductService ClientService NotificationService", "response_mode": "form_post", "nonce": "637879416953018402.YTE3YTQyNjgtMTJjNC00NzZjLWFjMmUtYjhiNDYyMDdkZmJiZjdlMjA4NWEtZDAyYi00OTFmLTk1ZWQtY2E5ZDg5OTg0NDk2", "state": "CfDJ8D0lQb5tKTBFn4uvn3Xu6kTrGlmQ5pIAHO9_xiwDvTtF4TXcIPLylJ5oUw6jKOI3HrO1Wa2DeNoSknjhVjluYVGkT-Ts5ddwQazu-vhuSGcykxdqXiYnFWo0l94A1EUClJBVxx_nwpxgTl31-InEMWgDY9cB5VVa9g0If-JP9_7DZYNqeKKfVGixysAzse3QQaix4BIyfnZarJ4u6ngtGuQrpvUT8Sc1nX72f6g5AEkUVWQBgcKIG_7brkMLL30U3bza7dxohmG4BmoywziAlwynG8kzcsb_1YpklsV1kQj1", "x-client-SKU": "ID_NETSTANDARD2_0", "x-client-ver": "6.10.0.0"}, "$type": "AuthorizeRequestValidationLog"} [08:41:36 ERR] Request validation failedI think it's the redirect_uri=http://mos-st-web/signin-oidc should be https://mos-st-web/signin-oidc How can I change this request, and fix
Identity.Application was not authenticated. Failure message: Unprotect ticket failed -
0
I think it's the redirect_uri=http://mos-st-web/signin-oidc should be https://mos-st-web/signin-oidc
Yes, you are right. Redirect URI must match with OpenId Connect options and the one saved in the database when creating the client.
You can update it from the database manually or from the IdentityServerDataSeeder and re-create DB and re-seed.
