I figured it out by checking other tickets with this validation issue. I've added this code to the services, adding the auth server on the list of valid issuers:
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddAbpJwtBearer(options =>
{
//...
// IDX10204: Unable to validate issuer on K8s if not set
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuers = new[] { configuration["AuthServer:Authority"].EnsureEndsWith('/') },
// IDX10500: Signature validation failed. No security keys were provided to validate the signature on K8s
SignatureValidator = delegate (string token, TokenValidationParameters parameters)
{
var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token);
return jwt;
}
};
}
All logs sent to https://we.tl/t-S8wM5riUdV
I'm preparing the logs here, but I think we found the issue:
2024-10-24 11:04:03.410 +00:00 [INF] Request origin https://klir-sandbox-microservices-angular.klir.com does not have permission to access the resource. 2024-10-24 11:04:03.442 +00:00 [INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable1 notBefore, Nullable1 expires, IEnumerable1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) 2024-10-24 11:04:03.442 +00:00 [INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
Do you know how to solve this? After checking this configuration, it seems the issuer is matching.
Ok, debug logs shared on: https://we.tl/t-w2UsMedJ7E
[08:46:05 INF] Loaded ABP modules: [08:46:05 INF] - KlirMicroservices.WebGateway.KlirMicroservicesWebGatewayModule [08:46:05 INF] - Volo.Abp.Autofac.AbpAutofacModule [08:46:05 INF] - Volo.Abp.Castle.AbpCastleCoreModule [08:46:05 INF] - Volo.Abp.AspNetCore.Serilog.AbpAspNetCoreSerilogModule [08:46:05 INF] - Volo.Abp.MultiTenancy.AbpMultiTenancyModule [08:46:05 INF] - Volo.Abp.Data.AbpDataModule [08:46:05 INF] - Volo.Abp.ObjectExtending.AbpObjectExtendingModule [08:46:05 INF] - Volo.Abp.Localization.AbpLocalizationAbstractionsModule [08:46:05 INF] - Volo.Abp.Validation.AbpValidationAbstractionsModule [08:46:05 INF] - Volo.Abp.Uow.AbpUnitOfWorkModule [08:46:05 INF] - Volo.Abp.EventBus.Abstractions.AbpEventBusAbstractionsModule [08:46:05 INF] - Volo.Abp.Security.AbpSecurityModule [08:46:05 INF] - Volo.Abp.Settings.AbpSettingsModule [08:46:05 INF] - Volo.Abp.MultiTenancy.AbpMultiTenancyAbstractionsModule [08:46:05 INF] - Volo.Abp.VirtualFileSystem.AbpVirtualFileSystemModule [08:46:05 INF] - Volo.Abp.Localization.AbpLocalizationModule [08:46:05 INF] - Volo.Abp.Threading.AbpThreadingModule [08:46:05 INF] - Volo.Abp.AspNetCore.AbpAspNetCoreModule [08:46:05 INF] - Volo.Abp.Auditing.AbpAuditingModule [08:46:05 INF] - Volo.Abp.Json.AbpJsonModule [08:46:05 INF] - Volo.Abp.Json.SystemTextJson.AbpJsonSystemTextJsonModule [08:46:05 INF] - Volo.Abp.Json.AbpJsonAbstractionsModule [08:46:05 INF] - Volo.Abp.Timing.AbpTimingModule [08:46:05 INF] - Volo.Abp.Auditing.AbpAuditingContractsModule [08:46:05 INF] - Volo.Abp.Http.AbpHttpModule [08:46:05 INF] - Volo.Abp.Http.AbpHttpAbstractionsModule [08:46:05 INF] - Volo.Abp.Minify.AbpMinifyModule [08:46:05 INF] - Volo.Abp.Authorization.AbpAuthorizationModule [08:46:05 INF] - Volo.Abp.Authorization.AbpAuthorizationAbstractionsModule [08:46:05 INF] - Volo.Abp.Validation.AbpValidationModule [08:46:05 INF] - Volo.Abp.ExceptionHandling.AbpExceptionHandlingModule [08:46:05 INF] - Volo.Abp.AspNetCore.AbpAspNetCoreAbstractionsModule [08:46:05 INF] - Volo.Abp.Swashbuckle.AbpSwashbuckleModule [08:46:05 INF] - Volo.Abp.AspNetCore.Mvc.AbpAspNetCoreMvcModule [08:46:05 INF] - Volo.Abp.ApiVersioning.AbpApiVersioningAbstractionsModule [08:46:05 INF] - Volo.Abp.AspNetCore.Mvc.AbpAspNetCoreMvcContractsModule [08:46:05 INF] - Volo.Abp.Application.AbpDddApplicationContractsModule [08:46:05 INF] - Volo.Abp.UI.Navigation.AbpUiNavigationModule [08:46:05 INF] - Volo.Abp.UI.AbpUiModule [08:46:05 INF] - Volo.Abp.GlobalFeatures.AbpGlobalFeaturesModule [08:46:05 INF] - Volo.Abp.Application.AbpDddApplicationModule [08:46:05 INF] - Volo.Abp.Domain.AbpDddDomainModule [08:46:05 INF] - Volo.Abp.EventBus.AbpEventBusModule [08:46:05 INF] - Volo.Abp.Guids.AbpGuidsModule [08:46:05 INF] - Volo.Abp.BackgroundWorkers.AbpBackgroundWorkersModule [08:46:05 INF] - Volo.Abp.DistributedLocking.AbpDistributedLockingAbstractionsModule [08:46:05 INF] - Volo.Abp.ObjectMapping.AbpObjectMappingModule [08:46:05 INF] - Volo.Abp.Specifications.AbpSpecificationsModule [08:46:05 INF] - Volo.Abp.Caching.AbpCachingModule [08:46:05 INF] - Volo.Abp.Serialization.AbpSerializationModule [08:46:05 INF] - Volo.Abp.Domain.AbpDddDomainSharedModule [08:46:05 INF] - Volo.Abp.Features.AbpFeaturesModule [08:46:05 INF] - Volo.Abp.AspNetCore.MultiTenancy.AbpAspNetCoreMultiTenancyModule [08:46:05 INF] - Volo.Abp.Studio.Client.AspNetCore.AbpStudioClientAspNetCoreModule [08:46:05 INF] - Volo.Abp.Studio.AbpStudioClientModule [08:46:05 INF] - Volo.Abp.Studio.AbpStudioClientContractsModule [08:46:05 INF] Loading proxy data from config. [08:46:05 WRN] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning [08:46:05 INF] User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest. [08:46:05 INF] Initialized all ABP modules. [08:46:05 INF] Creating key {a931d469-b9f2-44a4-8cf5-7f1b7f11f514} with creation date 2024-10-23 08:46:05Z, activation date 2024-10-23 08:46:05Z, and expiration date 2025-01-21 08:46:05Z. [08:46:05 WRN] No XML encryptor configured. Key {a931d469-b9f2-44a4-8cf5-7f1b7f11f514} may be persisted to storage in unencrypted form. [08:46:05 INF] Writing data to file '/root/.aspnet/DataProtection-Keys/key-a931d469-b9f2-44a4-8cf5-7f1b7f11f514.xml'. [08:46:05 WRN] Overriding HTTP_PORTS '8080' and HTTPS_PORTS ''. Binding to values defined by URLS instead 'http://+:80'. [08:46:05 INF] Now listening on: http://[::]:80 [08:46:05 INF] Application started. Press Ctrl+C to shut down. [08:46:05 INF] Hosting environment: Staging [08:46:05 INF] Content root path: /app [08:48:53 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 204 null null 54.6774ms [08:48:53 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Executing endpoint 'AbpApi' [08:48:53 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-configuration?includeLocalizationResources=false HTTP/2 RequestVersionOrLower no-streaming [08:48:53 INF] Received HTTP/1.1 response 200. [08:48:53 INF] Executed endpoint 'AbpApi' [08:48:53 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 299.8215ms [08:48:53 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 204 null null 0.793ms [08:48:53 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Executing endpoint 'AbpApi' [08:48:53 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-localization?cultureName=en&onlyDynamics=false HTTP/2 RequestVersionOrLower no-streaming [08:48:54 INF] Received HTTP/1.1 response 200. [08:48:54 INF] Executed endpoint 'AbpApi' [08:48:54 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 187.8107ms [08:49:10 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 204 null null 1.2681ms [08:49:10 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Executing endpoint 'AbpApi' [08:49:10 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-configuration?includeLocalizationResources=false HTTP/2 RequestVersionOrLower no-streaming [08:49:10 INF] Received HTTP/1.1 response 200. [08:49:10 INF] Executed endpoint 'AbpApi' [08:49:10 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 157.7581ms [08:49:10 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 204 null null 0.8468ms [08:49:10 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Executing endpoint 'AbpApi' [08:49:10 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-localization?cultureName=en&onlyDynamics=false HTTP/2 RequestVersionOrLower no-streaming [08:49:10 INF] Received HTTP/1.1 response 200. [08:49:10 INF] Executed endpoint 'AbpApi' [08:49:10 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 40.9671ms
Hello,
I've sent the logs to your e-mail. Thanks
Hi, yes, you can use the same URL from the logs: https://klir-sandbox-microservices-angular.klir.com/