- ABP Framework version: 9.0.3
- UI Type: MVC / Blazor WASM / Blazor Server
- Database System: EF Core (SQL Server,)
- Tiered (for MVC) or Auth Server Separated (for Angular): Tiered
- Exception message and full stack trace:
- Steps to reproduce the issue: Integration with PingOne
Using .AddOpenIdConnect to connect with PingOne authentication. I can reach PingOne and Authentication happens fine but redirect url is taking me to logOut instead of login. How do I enforce login after user is authenticated properly. My redirect url is working fine with Azure AD authentication and same URL logs me out in Ping One. Did I miss anything ?
In Authserver Is there a way to send UserLoggedInEvent on event bus. context.Services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "PingFederated login", options => { options.SignInScheme = IdentityConstants.ExternalScheme; //CookieAuthenticationDefaults.AuthenticationScheme; options.ResponseType = "code";// OpenIdConnectResponseType.Code;// CodeIdToken;//.CodeIdToken; options.SaveTokens = true;
options.Scope.Add("openid");
options.Scope.Add("email");
options.GetClaimsFromUserInfoEndpoint = true;
options.RequireHttpsMetadata = false;
options.UsePkce = true;
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
options.MapInboundClaims = false;
options.PushedAuthorizationBehavior = PushedAuthorizationBehavior.Disable;
options.CallbackPath = "/signin-oidc";
//added
options.SignedOutCallbackPath = "/signout-callback-oidc";
options.RemoteSignOutPath = "/signout-oidc";
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = context =>
{
// I want to send user logged in event to ABP when PingID login is successful
},
OnAuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Home/Error");
return Task.CompletedTask;
}
}
7 Answer(s)
-
0
Hi,
It's hard to determine the real problem since they're third-party libraries. But still all the OpenID Connect providers should work exactly same.There might be some configuration problems. Let's find out with investigating more information in your application.
Can you check for any extra inrformation about what happens while trying to login in
AuthServerproject logs? -
0
Hi Enisn, Thank you for the information. I have collected some logs. Any suggestion ?
3/11/2025 1:45:41 PM [Information] Request starting "HTTP/2" "POST" "https"://"auth.cpat.com:44324""""/signin-oidc""" - "application/x-www-form-urlencoded" 1590 3/11/2025 1:45:41 PM [Information] CORS policy execution successful. 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader". 3/11/2025 1:45:41 PM [Information] AuthenticationScheme: "Identity.External" signed in. 3/11/2025 1:45:41 PM [Information] Request finished "HTTP/2" "POST" "https"://"auth.cpat.com:44324""""/signin-oidc""" - 302 null null 615.6755ms 3/11/2025 1:45:41 PM [Information] Request starting "HTTP/2" "GET" "https"://"auth.cpat.com:44324""""/Account/Login""?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DTMS_MVC_Web%26redirect_uri%3Dhttps%253A%252F%252Fauth.cpat.com%253A44346%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520TMS_MVC%26response_mode%3Dform_post%26nonce%3D638772974889462698.NmRkMjdjODMtNjljYi00MGMzLTkzMDYtNGY1MGNlZDA2NDAzMzc4MDdmNjktMjJiYS00NjY2LTkzZTItNDUyNTg3ZTVmYzJm%26state%3DCfDJ8EwZ5r9h8qdOvrPa4ioX0Fdluzy8_QgqiMiwOJUl41lBSUiNtpfzj93NGkpkpk3jhY-ld_Os6YRlEubI0LLEj3gyYbSTf_EtsBlufePOeleDohFlhwzYpvqL3MIEWLhiZ0ZKkIk3xxB8gb7BpIf_o460ksoSd4taJYG5Bknd7Zke1-ctYcuK58Ncl7xqE4e5cRw4HIapqtr9pWZhZj6hIr2cJ8WS8q7tUCgVC1E1elRTJzQ_NzVN3guz04zoqf6Kmb2coG8Kof4JXVXFXC6bP47hyoK2qpr_NoPbc83hV8TQ%26x-client-SKU%3DID_NET9_0%26x-client-ver%3D8.1.0.0&handler=ExternalLoginCallback" - null null 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens". 3/11/2025 1:45:41 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was marked as rejected by "OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens". 3/11/2025 1:45:41 PM [Debug] AuthenticationScheme: "OpenIddict.Validation.AspNetCore" was not authenticated. 3/11/2025 1:45:41 PM [Information] Executing endpoint '"/Account/Login"' 3/11/2025 1:45:41 PM [Information] Route matched with "{page = "/Account/Login", area = "", action = "", controller = ""}". Executing page "/Account/Login" 3/11/2025 1:45:41 PM [Information] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 3/11/2025 1:45:41 PM [Information] Executing handler method "Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetExternalLoginCallbackAsync" - ModelState is Valid 3/11/2025 1:45:42 PM [Information] Executed handler method "OnGetExternalLoginCallbackAsync", returned result "Microsoft.AspNetCore.Mvc.RedirectToPageResult". 3/11/2025 1:45:42 PM [Information] Executing RedirectToPageResult, redirecting to "./Register". 3/11/2025 1:45:42 PM [Information] Executed endpoint '"/Account/Login"' 3/11/2025 1:45:42 PM [Information] Request finished "HTTP/2" "GET" "https"://"auth.cpat.com:44324""""/Account/Login""?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DTMS_MVC_Web%26redirect_uri%3Dhttps%253A%252F%252Fauth.cpat.com%253A44346%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520TMS_MVC%26response_mode%3Dform_post%26nonce%3D638772974889462698.NmRkMjdjODMtNjljYi00MGMzLTkzMDYtNGY1MGNlZDA2NDAzMzc4MDdmNjktMjJiYS00NjY2LTkzZTItNDUyNTg3ZTVmYzJm%26state%3DCfDJ8EwZ5r9h8qdOvrPa4ioX0Fdluzy8_QgqiMiwOJUl41lBSUiNtpfzj93NGkpkpk3jhY-ld_Os6YRlEubI0LLEj3gyYbSTf_EtsBlufePOeleDohFlhwzYpvqL3MIEWLhiZ0ZKkIk3xxB8gb7BpIf_o460ksoSd4taJYG5Bknd7Zke1-ctYcuK58Ncl7xqE4e5cRw4HIapqtr9pWZhZj6hIr2cJ8WS8q7tUCgVC1E1elRTJzQ_NzVN3guz04zoqf6Kmb2coG8Kof4JXVXFXC6bP47hyoK2qpr_NoPbc83hV8TQ%26x-client-SKU%3DID_NET9_0%26x-client-ver%3D8.1.0.0&handler=ExternalLoginCallback" - 302 null null 429.8414ms 3/11/2025 1:45:42 PM [Information] Request starting "HTTP/2" "GET" "https"://"auth.cpat.com:44324""""/Account/Register""?isExternalLogin=True&returnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DTMS_MVC_Web%26redirect_uri%3Dhttps%253A%252F%252Fauth.cpat.com%253A44346%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520TMS_MVC%26response_mode%3Dform_post%26nonce%3D638772974889462698.NmRkMjdjODMtNjljYi00MGMzLTkzMDYtNGY1MGNlZDA2NDAzMzc4MDdmNjktMjJiYS00NjY2LTkzZTItNDUyNTg3ZTVmYzJm%26state%3DCfDJ8EwZ5r9h8qdOvrPa4ioX0Fdluzy8_QgqiMiwOJUl41lBSUiNtpfzj93NGkpkpk3jhY-ld_Os6YRlEubI0LLEj3gyYbSTf_EtsBlufePOeleDohFlhwzYpvqL3MIEWLhiZ0ZKkIk3xxB8gb7BpIf_o460ksoSd4taJYG5Bknd7Zke1-ctYcuK58Ncl7xqE4e5cRw4HIapqtr9pWZhZj6hIr2cJ8WS8q7tUCgVC1E1elRTJzQ_NzVN3guz04zoqf6Kmb2coG8Kof4JXVXFXC6bP47hyoK2qpr_NoPbc83hV8TQ%26x-client-SKU%3DID_NET9_0%26x-client-ver%3D8.1.0.0" - null null 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext" was successfully processed by "OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was successfully processed by "OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens". 3/11/2025 1:45:42 PM [Debug] The event "OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext" was marked as rejected by "OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens". 3/11/2025 1:45:42 PM [Debug] AuthenticationScheme: "OpenIddict.Validation.AspNetCore" was not authenticated. 3/11/2025 1:45:42 PM [Information] Executing endpoint '"/Account/Register"'
-
0
To overcome the PingOne authentication problem in ABP, my primary suggestion is to meticulously review your ABP application's authentication configuration against your PingOne application settings. Double-check that the Client ID, Client Secret, Authority URL, and Response Type in your ABP application perfectly match those configured in PingOne. Furthermore, investigate **claim mapping **within ABP to ensure that user attributes from PingOne are correctly translated and recognized by your ABP application for proper user login and authorization. Debugging the redirection flow and reviewing any logs during the authentication handshake can also pinpoint configuration mismatches.
If it helps, this article can be a good example for claim mappings: https://abp.io/community/articles/how-claim-type-works-in-asp-net-core-and-abp-framework-km5dw6g1
-
0
Added email in the PingOne and added "email" in the scope of abp project. Now email is coming in the claims. So forced abp to check email only using options.Events.OnUserInformationReceived = ctx => { options.ClaimActions.MapUniqueJsonKey(ClaimTypes.Email, "email"); return Task.CompletedTask; };
options.Events = new OpenIdConnectEvents { OnTokenValidated = context => { return Task.CompletedTask; } } we go from ABP -> PingOne -> Userlogs in -> Comes back to OnTokenValidated in ABP ->Enters OnUserInformationReceived in ABP-> I see email in the claim fine but ABP gives this error: Any suggestion ?
An unhandled exception occurred while processing the request. InvalidOperationException: The instance of entity type 'IdentityUserLogin' cannot be tracked because another instance with the same key value for {'UserId', 'LoginProvider'} is already being tracked. When attaching existing entities, ensure that only one entity instance with a given key value is attached. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see the conflicting key values.
ABP Logs: 3/12/2025 2:58:25 PM [Information] Executed page "/Account/Login" in 579.6282ms 3/12/2025 2:58:25 PM [Information] Executed endpoint '"/Account/Login"' 3/12/2025 2:58:25 PM [Error] System.InvalidOperationException: The instance of entity type 'IdentityUserLogin' cannot be tracked because another instance with the same key value for {'UserId', 'LoginProvider'} is already being tracked. When attaching existing entities, ensure that only one entity instance with a given key value is attached. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see the conflicting key values. at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap
1.ThrowIdentityConflict(InternalEntityEntry entry) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap1.Add(TKey key, InternalEntityEntry entry, Boolean updateDuplicate) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap1.Add(TKey key, InternalEntityEntry entry) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.NullableKeyIdentityMap1.Add(InternalEntityEntry entry) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.StartTracking(InternalEntityEntry entry) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.InternalEntityEntry.SetEntityState(EntityState oldState, EntityState newState, Boolean acceptChanges, Boolean modifyProperties) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.InternalEntityEntry.SetEntityState(EntityState entityState, Boolean acceptChanges, Boolean modifyProperties, Nullable1 forceStateWhenUnknownKey, Nullable1 fallbackState) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityGraphAttacher.PaintAction(EntityEntryGraphNode1 node) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityEntryGraphIterator.TraverseGraph[TState](EntityEntryGraphNode1 node, Func2 handleNode) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityGraphAttacher.AttachGraph(InternalEntityEntry rootEntry, EntityState targetState, EntityState storeGeneratedWithKeySetTargetState, Boolean forceStateWhenUnknownKey) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.NavigationFixer.NavigationCollectionChanged(InternalEntityEntry entry, INavigationBase navigationBase, IEnumerable1 added, IEnumerable1 removed) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.InternalEntityEntryNotifier.NavigationCollectionChanged(InternalEntityEntry entry, INavigationBase navigationBase, IEnumerable1 added, IEnumerable1 removed) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.ChangeDetector.DetectNavigationChange(InternalEntityEntry entry, INavigationBase navigationBase) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.ChangeDetector.LocalDetectChanges(InternalEntityEntry entry) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.ChangeDetector.DetectChanges(IStateManager stateManager) at Microsoft.EntityFrameworkCore.ChangeTracking.ChangeTracker.DetectChanges() at Microsoft.EntityFrameworkCore.Internal.InternalDbSet1.get_Local() at Volo.Abp.Domain.Repositories.EntityFrameworkCore.EfCoreRepository2.UpdateAsync(TEntity entity, Boolean autoSave, CancellationToken cancellationToken) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Volo.Abp.Identity.IdentityUserStore.UpdateAsync(IdentityUser user, CancellationToken cancellationToken) at Microsoft.AspNetCore.Identity.UserManager1.UpdateUserAsync(TUser user) at Volo.Abp.Identity.IdentityUserManager.UpdateUserAsync(IdentityUser user) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Microsoft.AspNetCore.Identity.UserManager1.AddLoginAsync(TUser user, UserLoginInfo login) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync()Not sure, if related but externalprovidermap does not have PingOne:
-
0
Hi sghorakavi@cpat.com,
Thanks for reaching out with your issue. It sounds like there are a few possible areas we need to investigate to resolve the problem. Here are my suggestions:
Authentication Configuration
First, ensure that your ABP application’s authentication configuration exactly matches the settings in PingOne. This includes the Client ID, Client Secret, Authority URL, and Response Type. Misconfigurations here could lead to improper redirection behaviors.
Claim Mapping
Double-check the claim mapping in your ABP application. Ensure that user attributes from PingOne are being correctly translated and recognized by your ABP application. For example, make sure you have the correct mapping for the email claim as you've already started to do:
options.ClaimActions.MapUniqueJsonKey(ClaimTypes.Email, "email");Debugging and Logs
Review the logs you provided. It appears there's an error with the tracking of the
IdentityUserLoginentity. This usually happens when two instances of the same entity are being tracked simultaneously. To debug this issue:Ensure that you are not inadvertently creating duplicate instances of the same entity.
Enable sensitive data logging in your DbContext options to get more detailed error information:
options.EnableSensitiveDataLogging();Handling External Login Event
To handle the external login event correctly, you should ensure that once the user logs in via PingOne, the information is processed appropriately in the ABP system. Here's how you can handle the
OnTokenValidatedandOnUserInformationReceivedeventsoptions.Events = new OpenIdConnectEvents { OnTokenValidated = context => { // Add logic to handle when token is validated return Task.CompletedTask; }, OnUserInformationReceived = context => { options.ClaimActions.MapUniqueJsonKey(ClaimTypes.Email, "email"); // Additional processing return Task.CompletedTask; } };Resolving Entity Tracking Issue
The
InvalidOperationExceptionregarding theIdentityUserLoginentity being already tracked suggests that there might be an issue with entity tracking in your application. You should ensure that only one instance of the entity is being tracked at any given time:public async Task UpdateLoginAsync(UserLoginInfo loginInfo) { var existingLogin = await _userManager.FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey); if (existingLogin != null) { // Detach the existing login to prevent tracking issues _dbContext.Entry(existingLogin).State = EntityState.Detached; } var newLogin = new IdentityUserLogin { LoginProvider = loginInfo.LoginProvider, ProviderKey = loginInfo.ProviderKey }; await _dbContext.UserLogins.AddAsync(newLogin); await _dbContext.SaveChangesAsync(); }This approach ensures that the existing login is detached before adding a new one to prevent tracking conflicts.
Verify Return URL
Ensure that the return URL is correctly set after successful authentication to guide the user to the intended login page rather than logging out.
If you follow these steps and still encounter issues, please provide more detailed logs, and we will continue troubleshooting from there.
You have to determine the problem in the application/configuration and then we can take an action for the solution.
-
0
Hi enisn, Thank you for the information.
PingOne is working fine.
Where should I put** "Resolving Entity Tracking Issue"** code from your above suggestion ?
** System.InvalidOperationException: The instance of entity type 'IdentityUserLogin' cannot be tracked because another instance with the same key value for {'UserId', 'LoginProvider'} is already being tracked. When attaching existing entities, ensure that only one entity instance with a given key value is attached. Consider using 'DbContextOptionsBuilder.EnableSensitiveDataLogging' to see the conflicting key values. at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap**
-
0
Where should I put** "Resolving Entity Tracking Issue"** code from your above suggestion ?
Sorry, IdentityUser has
AddLoginAsyncnotUpdateLoginAsyncmethod. You can create your own IdentityUserManager and handle the external login in there. That can be a good point to start tracking what is going on[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IdentityUserManager))] public class MyIdentityManager : IdentityUserManager { public MyIdentityManager( IdentityUserStore store, IIdentityRoleRepository roleRepository, IIdentityUserRepository userRepository, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<Volo.Abp.Identity.IdentityUser> passwordHasher, IEnumerable<IUserValidator<Volo.Abp.Identity.IdentityUser>> userValidators, IEnumerable<IPasswordValidator<Volo.Abp.Identity.IdentityUser>> passwordValidators, ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services, ILogger<IdentityUserManager> logger, ICancellationTokenProvider cancellationTokenProvider, IOrganizationUnitRepository organizationUnitRepository, ISettingProvider settingProvider, IDistributedEventBus distributedEventBus, IIdentityLinkUserRepository identityLinkUserRepository, IDistributedCache<AbpDynamicClaimCacheItem> dynamicClaimCache) : base(store, roleRepository, userRepository, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, services, logger, cancellationTokenProvider, organizationUnitRepository, settingProvider, distributedEventBus, identityLinkUserRepository, dynamicClaimCache) { } public override async Task<IdentityResult> AddLoginAsync(Volo.Abp.Identity.IdentityUser user, UserLoginInfo login) { if(login.ProviderKey == "PingOne") { // Handle PingOne login } return await base.AddLoginAsync(user, login); } }```
