ABP Framework version: v7.0 latest
UI type: MVC
DB provider: EF Core
Tiered (MVC)
All pods are up and running successfully and we are able to access authserver application
Steps to reproduce the issue: While deploying the application through CI-CD pipelines, we are able to access every application except web app and public web app
While checking pods, we are getting the logs which are provided below
---------------------
Exception message and stack trace:
We are using Azure Kubernetes Services for hosting and for building we are using Azure DevOps pipelines
We are unable to access public web app and web app, they are showing 502 bad gateway errors
Logs of both pods are similar:

```
[10:27:40 INF] Initialized all ABP modules.
[10:27:41 INF] Now listening on: http://[::]:80
[10:27:41 INF] Now listening on: https://[::]:443
[10:27:41 INF] Application started. Press Ctrl+C to shut down.
[10:27:41 INF] Hosting environment: Production
[10:27:41 INF] Content root path: /app/
[10:27:50 INF] Request starting HTTP/1.1 GET http://publicweb.jailocal.in/ - -
[10:27:50 INF] Start processing HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration
[10:27:50 INF] Sending HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration
[10:27:50 INF] Received HTTP response headers after 119.174ms - 200
[10:27:50 INF] End processing HTTP request after 130.2113ms - 200
[10:27:50 ERR] Connection id "0HMNKGUK23U8M", Request id "0HMNKGUK23U8M:00000002": An unhandled exception was thrown by the application.
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Issuer name does not match authority: http://authserver.jailocal.in/
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
   at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
   at Volo.Abp.Http.Client.IdentityModel.Web.HttpContextIdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync()
   at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.<GetAsync>b__13_0()
   at Volo.Abp.Caching.DistributedCache`2.GetOrAddAsync(TCacheKey key, Func`1 factory, Func`1 optionsFactory, Nullable`1 hideErrors, Boolean considerUow, CancellationToken token)
   at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync()
   at Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync()
   at Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync()
```
Appsettings.json file for publicwebapp is:

```json
{
  "App": {
    "SelfUrl": "https://localhost:44335"
  },
  "AuthServer": {
    "Authority": "https://localhost:44322",
    "RequireHttpsMetadata": "false",
    "ClientId": "PublicWeb",
    "ClientSecret": "1q2w3e*",
    "IsOnK8s": "true",
    "MetaAddress": "https://localhost:44322"
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "PublicWeb",
      "ClientSecret": "1q2w3e*",
      "Authority": "https://localhost:44322",
      "Scope": "IdentityService"
    }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "RemoteServices": {
    "Default": {
      "BaseUrl": "https://localhost:44353"
    },
    "AbpIdentity": {
      "BaseUrl": "https://localhost:44388/",
      "UseCurrentAccessToken": "false"
    }
  },
  "StringEncryption": {
    "DefaultPassPhrase": "7XVHOPyjN5Laxsjb"
  },
  "Redis": {
    "Configuration": "localhost:6379"
  },
  "RabbitMQ": {
    "Connections": {
      "Default": {
        "HostName": "localhost"
      }
    },
    "EventBus": {
      "ClientName": "PublicWeb",
      "ExchangeName": "POC"
    }
  },
  "ElasticSearch": {
    "Url": "http://localhost:9200"
  }
}
```
YAML file for public web app is:

```yaml
#Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: publicwebapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: publicwebapp
  template:
    metadata:
      labels:
        app: publicwebapp
    spec:
      containers:
        - name: publicwebapp
          image: imagename:$(Build.BuildId)
          imagePullPolicy: IfNotPresent
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: ASPNETCORE_URLS
              value: "http://+:80;https://+:443"
            - name: App__SelfUrl
              value: "https://publicweb.domain.in"
            - name: "AuthServer__Authority"
              value: "https://authserver.domian.in"
            - name: "AuthServer__RequireHttpsMetadata"
              value: "false"
            - name: "AuthServer__IsOnK8s"
              value: "true"
            - name: "AuthServer__MetaAddress"
              value: "https://authserver.domain.in"
            - name: IdentityClients__Default__Authority
              value: "https://authserver.domain.in"
            - name: RemoteServices__Default__BaseUrl
              value: "https://publicwebgateway.domain.in"
            - name: RemoteServices__AbpIdentity__BaseUrl
              value: "https://identity.domain.in"
            - name: RemoteServices__AbpIdentity__UseCurrentAccessToken
              value: "false"
            - name: "StringEncryption__DefaultPassPhrase"
              value: "7XVHOPyjN5Laxsjb"
            - name: "Redis__Configuration"
              value: "redis"
            - name: "RabbitMQ__Connections__Default__HostName"
              value: "rabbitmq"
            - name: "ElasticSearch__Url"
              value: "https://elasticsearch.domain.in"
            - name: ASPNETCORE_Kestrel__Certificates__Default__Path
              value: "app/dev-cert/localhost.pfx"
            - name: ASPNETCORE_Kestrel__Certificates__Default__Password
              value: "e8202f07-66e5-4619-be07-72ba76fde97f"
            - name: CustomConnectionString__Environment
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
```
1 Answer(s)
Your authority and the issuer don't match, basically.

Expected issuer: https://authserver.domian.in
Your issuer: http://authserver.jailocal.in/

You can set the issuer in the `OpenIddictServerBuilder` options:

```csharp
PreConfigure<OpenIddictServerBuilder>(builder =>
{
    // ...
    builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); // Should be "https://authserver.domian.in"
});
```
Your authserver MetaAddress should be http://authserver.jailocal.in/ which will be requested internally during token validation.
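
The mismatch behind the `PolicyViolation` error can be reproduced offline. This is an added example, not code from the thread, ABP or IdentityModel: it compares a configured authority with a discovery document and reports which part differs (scheme, host, path, or endpoint origin). The function names and the sample document are constructed, with the issuer value taken from the log above, and the comparison only approximates the client library's check.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: what an auth server that only sees plain HTTP behind a
# TLS-terminating ingress might publish. Endpoint paths are illustrative.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "http://authserver.jailocal.in/",
  "authorization_endpoint": "http://authserver.jailocal.in/connect/authorize",
  "token_endpoint": "http://authserver.jailocal.in/connect/token",
  "jwks_uri": "http://authserver.jailocal.in/.well-known/jwks"
}""")


def _parts(url):
    """Split a URL into (scheme, host[:port], path), ignoring a trailing slash."""
    p = urlsplit(url.rstrip("/"))
    return p.scheme.lower(), p.netloc.lower(), p.path


def check_discovery(authority, doc):
    """Return (code, detail) findings; an empty list means issuer and endpoints agree."""
    findings = []
    a_scheme, a_host, a_path = _parts(authority)
    i_scheme, i_host, i_path = _parts(doc.get("issuer", ""))
    if i_scheme != a_scheme:
        findings.append(("issuer-scheme", f"issuer is {i_scheme}, authority is {a_scheme}"))
    if i_host != a_host:
        findings.append(("issuer-host", f"issuer is {i_host}, authority is {a_host}"))
    if i_path != a_path:
        findings.append(("issuer-path", f"issuer is {i_path!r}, authority is {a_path!r}"))
    # Endpoints should live on the same origin as the configured authority.
    for key, value in doc.items():
        if key.endswith("_endpoint") or key == "jwks_uri":
            e_scheme, e_host, _ = _parts(value)
            if (e_scheme, e_host) != (a_scheme, a_host):
                findings.append(("endpoint-origin", f"{key} -> {value}"))
    return findings


if __name__ == "__main__":
    # Authority as the client requested it in the log (https), issuer as published (http).
    for code, detail in check_discovery("https://authserver.jailocal.in", SAMPLE_DISCOVERY):
        print(f"{code}: {detail}")
```

To check a live deployment, load the JSON returned by the auth server's `/.well-known/openid-configuration` endpoint in place of `SAMPLE_DISCOVERY` and pass the `AuthServer__Authority` value the pod actually receives.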