- ABP Framework version: v8.3.3
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
-
- Currently i have my server with using ABP framework which in not Tiered(No seperate auth server and api Host)
- I able to configure multitenancy using *.myproduct.com
- But now i want to move to tired architecture and im confused about handling multi tenenacy. And how does tenant url be formatted?
Should i take three different certiifcate like *.apimyproduct.com , *.authmyproduct.com etc.
Can you help us what should be the preffered way to host the applications in the multi tenant context.
5 Answer(s)
-
0
hi
Should i take three different certiifcate like *.apimyproduct.com , *.authmyproduct.com etc.
HTTPS certificate supports wildcard. You can use one certificate for multiple domains.
eg: https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver
-
0
I have configured the widl card i.e., *.xyz.com to my server as follows
API Host - api.xyz.com AuthServer - auth.xyz.com WebServer - web.xyz.com
I have observerd two issues here
- When add tenant lets say 'test1' - I couldn't login to test1.web.xyz.com as the openid client credentials are not created in the tenant ,so it is redirecting to auth.xyz.com rather than t1.auth.xyz.com
- Also when i do t1.web.xyz.com the certificate is showing invalid certificate but it is showing as valid certificate for web.xyx.com
-
0
hi
openid client credentials are not created in the tenant
The openiddict application/client should always store on Host database.
showing invalid certificate but it is showing as valid certificate for web.xyx.com
Your HTTPS certification should contain the
*.web.xyx.com.acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net' -
0
hi
openid client credentials are not created in the tenant
The openiddict application/client should always store on Host database.
Tommorow if i create a tenant for customer, Should i not give the tenant admin provision to add openid applications/clients ??
showing invalid certificate but it is showing as valid certificate for web.xyx.com
Your HTTPS certification should contain the
*.web.xyx.com.Rather than having multilevel subdomains, if i use three certificates for api,authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?
acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net' -
0
hi
Tommorow if i create a tenant for customer, Should i not give the tenant admin provision to add openid applications/clients ??
The Tenant usually doesn't to maintain the
OAuth2applications/clients. This is the default design.Rather than having multilevel subdomains, if i use three certificates for api,authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?
The HTTPS certificates are unrelated to abp. abp framework support resolves tenant from URL.
