
OpenIdConnect Configuration with multitenant URL #6712


dipak.z created
  • ABP Framework version: v8.0.2
  • UI Type: MVC
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Created the project using ABP Suite with public site, CMS, tiered, and separate tenant schema.

I want different URLs for the tenants; for that I configured:

In the Auth project:

    PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
    {
        options.EnableWildcardDomainSupport = true;
        options.WildcardDomainsFormat.Add("https://{0}.auth.domain.com");
    });

and

    Configure<AbpTenantResolveOptions>(options =>
    {
        options.AddDomainTenantResolver("{0}.auth.domain.com");
    });

In the Web project:

    Configure<AbpTenantResolveOptions>(options =>
    {
        options.AddDomainTenantResolver("{0}.web.domain.com");
    });

In HttpApi.Host:

    Configure<AbpTenantResolveOptions>(options =>
    {
        options.AddDomainTenantResolver("{0}.api.domain.com");
    });

Now I want to add this to OpenIdConnect.

In it I added these URLs:

  • Application Type: Web
  • ClientUrl: https://web.domain.com/
  • Redirect Uris: https://web.domain.com/signin-oidc
  • Post Logout Redirect Uris: https://web.domain.com/signout-callback-oidc

How do I configure dynamic tenant-wise URLs in this?


11 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    https://github.com/abpframework/abp-samples/blob/master/DomainTenantResolver/MVC-TIERED/src/Acme.BookStore.Web/BookStoreWebModule.cs#L145-L177

  • dipak.z created

    hi

    https://github.com/abpframework/abp-samples/blob/master/DomainTenantResolver/MVC-TIERED/src/Acme.BookStore.Web/BookStoreWebModule.cs#L145-L177

    Do I have to add it in both Web and HttpApi.Host?

    // Chained after context.Services.AddAuthentication(...).AddCookie(...) in the Web module.
    .AddAbpOpenIdConnect("oidc", options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

        options.ClientId = configuration["AuthServer:ClientId"];
        options.ClientSecret = configuration["AuthServer:ClientSecret"];

        options.UsePkce = true;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("roles");
        options.Scope.Add("email");
        options.Scope.Add("phone");
        options.Scope.Add("TestIdentity");

        // Point the authorize / end-session requests at the tenant-specific auth host.
        options.Events.OnRedirectToIdentityProviderForSignOut = redirectContext =>
        {
            var currentTenant = redirectContext.HttpContext.RequestServices.GetRequiredService<ICurrentTenant>();
            if (currentTenant.IsAvailable)
            {
                // e.g. https://ids.getabp.net:44301 -> https://{tenant}.ids.getabp.net:44301
                redirectContext.ProtocolMessage.IssuerAddress =
                    redirectContext.ProtocolMessage.IssuerAddress.Replace("ids",
                        $"{currentTenant.Name}.ids");
            }

            return Task.CompletedTask;
        };
        options.Events.OnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProviderForSignOut;
    });

  • maliming created
    Support Team Fullstack Developer

    hi

    You only need to add AddAbpOpenIdConnect for the projects that use OpenIdConnect.

  • dipak.z created

    hi

    You only need to add AddAbpOpenIdConnect for the projects that use OpenIdConnect.

    I want it so that if I create a tenant named smc, the URLs are smc.web.domain.com and smc.auth.domain.com.

    But when I click the login button from smc.web.domain.com, it redirects to auth.domain.com and throws a 400 (https://auth.domain.com/Error?httpStatusCode=400). In the Auth project logs:

    2024-02-21 13:38:35.147 +05:30 [INF] Request finished HTTP/1.1 GET https://auth.domain.com/.well-known/jwks - 200 1667 application/json;charset=UTF-8 14.1696ms
    2024-02-21 13:38:39.349 +05:30 [INF] Request starting HTTP/2 GET https://auth.domain.com/connect/authorize?client_id=TestIdentity&redirect_uri=https%3A%2F%2Fsmc.web.domain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20TestIdentity&response_mode=form_post&nonce=638440997151617322.ZTA2NTc1OWUtZTE0NS00ZjU0LWIyZjktZjU1ZWFlM2ExY2JhZDM0YjMxNGMtZWUwOC00YTJhLWE1NjgtM2M5ODU2NzhhNzIz&state=CfDJ8JByH2MkMuNNl3sV5fVf9nQ9ClPWZshJc5L3ihk5XA6cYJO8E0NXUtAdYFccsFRcCeSFIZ179gYHlU6firu6HkGCNjBlBiUM31kXS2GHJH2QLp7YOhtAa68iww6sv0wJOnntlRFQEIl8PFuhqGal5iLh6sFO10P3iMJ5frqaUiNEePfJfAEXUrp7hLp2457kLv6r82VdrGwEWqWloM_ZxOv9CA3lELinNxGPPl0gEyV77h96GfIlsOSloAV8G1y9XSzV-Nv43zfxOG5pTbe30bOasTmTNDJZdq6ha0i16I6oI1GP8nd8zyeLzxVyycZtbA&x-client-SKU=ID_NET8_0&x-client-ver=7.0.3.0 - null null
    2024-02-21 13:38:39.351 +05:30 [INF] The request URI matched a server endpoint: "Authorization".
    2024-02-21 13:38:39.356 +05:30 [INF] The authorization request was successfully extracted: { "client_id": "TestIdentity", "redirect_uri": "https://smc.web.domain.com/signin-oidc", "response_type": "code id_token", "scope": "openid profile roles email phone TestIdentity", "response_mode": "form_post", "nonce": "638440997151617322.ZTA2NTc1OWUtZTE0NS00ZjU0LWIyZjktZjU1ZWFlM2ExY2JhZDM0YjMxNGMtZWUwOC00YTJhLWE1NjgtM2M5ODU2NzhhNzIz", "state": "CfDJ8JByH2MkMuNNl3sV5fVf9nQ9ClPWZshJc5L3ihk5XA6cYJO8E0NXUtAdYFccsFRcCeSFIZ179gYHlU6firu6HkGCNjBlBiUM31kXS2GHJH2QLp7YOhtAa68iww6sv0wJOnntlRFQEIl8PFuhqGal5iLh6sFO10P3iMJ5frqaUiNEePfJfAEXUrp7hLp2457kLv6r82VdrGwEWqWloM_ZxOv9CA3lELinNxGPPl0gEyV77h96GfIlsOSloAV8G1y9XSzV-Nv43zfxOG5pTbe30bOasTmTNDJZdq6ha0i16I6oI1GP8nd8zyeLzxVyycZtbA", "x-client-SKU": "ID_NET8_0", "x-client-ver": "7.0.3.0" }.
    2024-02-21 13:38:39.586 +05:30 [INF] Client validation failed because 'https://smc.web.domain.com/signin-oidc' was not a valid redirect_uri for TestIdentity.
    2024-02-21 13:38:39.586 +05:30 [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://smc.web.domain.com/signin-oidc'.
    2024-02-21 13:38:39.597 +05:30 [INF] Request finished HTTP/2 GET https://auth.domain.com/connect/authorize?client_id=TestIdentity&redirect_uri=https%3A%2F%2Fsmc.web.domain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20TestIdentity&response_mode=form_post&nonce=638440997151617322.ZTA2NTc1OWUtZTE0NS00ZjU0LWIyZjktZjU1ZWFlM2ExY2JhZDM0YjMxNGMtZWUwOC00YTJhLWE1NjgtM2M5ODU2NzhhNzIz&state=CfDJ8JByH2MkMuNNl3sV5fVf9nQ9ClPWZshJc5L3ihk5XA6cYJO8E0NXUtAdYFccsFRcCeSFIZ179gYHlU6firu6HkGCNjBlBiUM31kXS2GHJH2QLp7YOhtAa68iww6sv0wJOnntlRFQEIl8PFuhqGal5iLh6sFO10P3iMJ5frqaUiNEePfJfAEXUrp7hLp2457kLv6r82VdrGwEWqWloM_ZxOv9CA3lELinNxGPPl0gEyV77h96GfIlsOSloAV8G1y9XSzV-Nv43zfxOG5pTbe30bOasTmTNDJZdq6ha0i16I6oI1GP8nd8zyeLzxVyycZtbA&x-client-SKU=ID_NET8_0&x-client-ver=7.0.3.0 - 302 null null 247.1638ms
    2024-02-21 13:38:39.600 +05:30 [INF] Request starting HTTP/2 GET https://auth.domain.com/Error?httpStatusCode=400 - null null

  • dipak.z created

    And when I open smc.auth.domain.com,

    it shows all applications, and in that list web.domain.com is shown. How do I change that tenant-wise: if smc.auth.domain.com, then show smc.web.domain.com,

    and if auth.domain.com, then show web.domain.com?

  • maliming created
    Support Team Fullstack Developer

    hi

    [INF] Client validation failed because 'https://smc.web.domain.com/signin-oidc' was not a valid redirect_uri for TestIdentity.
    [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://smc.web.domain.com/signin-oidc'.
    
    PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
    {
        options.EnableWildcardDomainSupport = true;
        options.WildcardDomainsFormat.Add("https://{0}.auth.domain.com");
        options.WildcardDomainsFormat.Add("https://{0}.web.domain.com/signin-oidc");
       
    });
    

    Try to add https://{0}.web.domain.com/signin-oidc to WildcardDomainsFormat.

  • dipak.z created

    OK, after adding this it's working. Thank you for the support. But if I open https://smc.auth.domain.com,

    it shows all applications, and when I open the web application it opens https://web.domain.com, but I want it to directly open https://smc.web.domain.com when a tenant opens it.

  • maliming created
    Support Team Fullstack Developer

    hi

    it shows all applications, and when I open the web application it opens https://web.domain.com, but I want it to directly open https://smc.web.domain.com when a tenant opens it.

    I don't understand this very well. Can you explain in detail?

    Thanks

  • dipak.z created

    hi

    it shows all applications, and when I open the web application it opens https://web.domain.com, but I want it to directly open https://smc.web.domain.com when a tenant opens it.

    I don't understand this very well. Can you explain in detail?

    Thanks

    When I create a new tenant, for example named smc, its URLs are https://smc.web.domain.com (Web project) and, for auth, https://smc.auth.domain.com (Auth project).

    When we open https://auth.domain.com (Auth project), it shows all OpenIdConnect applications with URLs, names and icons; in that list the web project URL is shown as https://web.domain.com. But when we open https://smc.auth.domain.com, it still shows the web URL as https://web.domain.com instead of https://smc.web.domain.com.

  • maliming created
    Support Team Fullstack Developer

    hi

    You can replace these URLs on the index.cshtml page.

    Same as

    //https://ids.getabp.net:44301
    redirectContext.ProtocolMessage.IssuerAddress =
        redirectContext.ProtocolMessage.IssuerAddress.Replace("ids",
            $"{currentTenant.Name}.ids");
    

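    A worked example, not code from this thread or from ABP itself, that covers both the redirect rewriting in the Web project and the per-tenant URL display on the auth server's index page discussed above. It replaces the `string.Replace("ids", ...)` pattern with a small `UriBuilder`-based helper, so only the host is changed (a plain `Replace` would also rewrite any other occurrence of the substring in the path or query, and would double-prefix on a second pass). `TenantUrls` and `ForTenant` are hypothetical names introduced here; `ICurrentTenant`, `AddAbpOpenIdConnect`, the `AuthServer:*` settings and the `{tenant}.web.domain.com` / `{tenant}.auth.domain.com` layout come from the thread. Calling the helper from index.cshtml for each application's client URL is assumed; how that page builds its application list is not shown in the thread.

```csharp
// Added example, not the thread's or ABP's own code. Assumptions:
// - tenant hosts are "<tenant>.web.domain.com" / "<tenant>.auth.domain.com" and the
//   host tenant uses the bare domain, as in the thread;
// - TenantUrls / ForTenant are hypothetical helper names introduced for this example.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Volo.Abp;
using Volo.Abp.AspNetCore.Authentication.OpenIdConnect;
using Volo.Abp.Modularity;
using Volo.Abp.MultiTenancy;

public static class TenantUrls
{
    // Returns the tenant-specific form of an absolute URL, e.g.
    // "https://web.domain.com/signin-oidc" -> "https://smc.web.domain.com/signin-oidc"
    // for tenant "smc". Only the host gets a label prepended; scheme, path and query
    // are preserved, so the result still matches a fixed-path wildcard such as
    // "https://{0}.web.domain.com/signin-oidc" registered on the auth server.
    public static string ForTenant(string url, ICurrentTenant currentTenant)
    {
        if (!currentTenant.IsAvailable || string.IsNullOrWhiteSpace(currentTenant.Name))
        {
            return url; // host tenant: keep the bare domain
        }

        var builder = new UriBuilder(url);
        var prefix = currentTenant.Name + ".";
        // Idempotent: avoid "smc.smc.web.domain.com" if the URL is already tenant-specific.
        if (!builder.Host.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
        {
            builder.Host = prefix + builder.Host;
        }
        return builder.Uri.AbsoluteUri;
    }
}

// Web project module: send authorize / end-session requests to the tenant's auth host.
public class TenantAwareOidcModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();

        context.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddAbpOpenIdConnect("oidc", options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.ClientId = configuration["AuthServer:ClientId"];
                options.ClientSecret = configuration["AuthServer:ClientSecret"];
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                options.UsePkce = true;
                options.SaveTokens = true;

                // Runs just before the browser is redirected to /connect/authorize.
                // redirect_uri is already derived from the current request host
                // (smc.web.domain.com), which is why the auth server must have the
                // matching wildcard format registered; only the issuer needs rewriting.
                options.Events.OnRedirectToIdentityProvider = ctx =>
                {
                    var tenant = ctx.HttpContext.RequestServices.GetRequiredService<ICurrentTenant>();
                    ctx.ProtocolMessage.IssuerAddress =
                        TenantUrls.ForTenant(ctx.ProtocolMessage.IssuerAddress, tenant);
                    return Task.CompletedTask;
                };

                // Same treatment for the end-session (sign-out) redirect.
                options.Events.OnRedirectToIdentityProviderForSignOut = ctx =>
                {
                    var tenant = ctx.HttpContext.RequestServices.GetRequiredService<ICurrentTenant>();
                    ctx.ProtocolMessage.IssuerAddress =
                        TenantUrls.ForTenant(ctx.ProtocolMessage.IssuerAddress, tenant);
                    return Task.CompletedTask;
                };
            });
    }
}
```

    On the auth server's index.cshtml the same helper can be applied to each application's client URL (for example `TenantUrls.ForTenant(clientUrl, CurrentTenant)`), so a request to smc.auth.domain.com lists https://smc.web.domain.com while auth.domain.com keeps https://web.domain.com. The wildcard formats maliming suggests keep the path fixed and vary only the tenant label, which is the shape to keep: the auth server's redirect_uri check remains an exact match per tenant rather than a loose prefix match.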
  • dipak.z created

    Thank you, it's working fine.

Made with ❤️ on ABP v10.0.0-preview. Updated on June 20, 2025, 11:20