I noticed skipIssuerCheck: true. This will help.
I have one more issue here. Can I have different domains specific tenant configuration as the example below?
sub1.domain.com as host sub2.domain.com as tenant tenant1.com as tenant tenant2.co.uk as tenant tenant3.net as tenant
because the tenant may have their own domain instead of the sub-domain of the host domain or they may choose a subdomain as well.
Currently, I am facing the issue of login in with the tenant URL.
Getting below error when trying to login with tenant login page.
vendor.js:169503 invalid issuer in discovery document expected: https://red.api.getabp.net:44322 current: http://api.getabp.net:44322
Configure<IdentityServerOptions>(options =>
{
options.IssuerUri = configuration["App:SelfUrl"];
});
Anybody is there? Need proper documentation on multi-tenancy domain resolver on microservice architecture
The issue is fixed.
The above issue is fixed. Thanks for your support.
Ok, The issuer issue is fixed. Now getting below error in auth server logs.
[09:37:16 INF] CORS policy execution successful. [09:37:16 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token [09:37:16 INF] {"ClientId": "ChurchPharmacy_Angular", "AuthenticationMethod": "NoSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "0HMHUVCU8Q8EE:00000005", "TimeStamp": "2022-05-26T09:37:16.0000000Z", "ProcessId": 1, "LocalIpAddress": "::ffff:10.244.0.167:80", "RemoteIpAddress": "27.109.16.210", "$type": "ClientAuthenticationSuccessEvent"} [09:37:16 ERR] Client not authorized for resource owner flow, check the AllowedGrantTypes setting{"client_id": "ChurchPharmacy_Angular"}, details: {"ClientId": "ChurchPharmacy_Angular", "ClientName": "ChurchPharmacy_Angular", "GrantType": "password", "Scopes": null, "AuthorizationCode": "", "RefreshToken": "", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "password", "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService", "client_id": "ChurchPharmacy_Angular", "username": "admin", "password": "REDACTED"}, "$type": "TokenRequestValidationLog"} [09:37:16 INF] {"ClientId": "ChurchPharmacy_Angular", "ClientName": "ChurchPharmacy_Angular", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "password", "Error": "unauthorized_client", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HMHUVCU8Q8EE:00000005", "TimeStamp": "2022-05-26T09:37:16.0000000Z", "ProcessId": 1, "LocalIpAddress": "::ffff:10.244.0.167:80", "RemoteIpAddress": "27.109.16.210", "$type": "TokenIssuedFailureEvent"} [09:37:16 INF] Request finished HTTP/1.1 POST http://auth-server-v1.mydomain.com/connect/token application/x-www-form-urlencoded 230 - 400 - application/json;+charset=UTF-8 41.5066ms
I have the below configuration in angular.
const oAuthConfig = {
issuer: 'https://auth-server-v1.mydomain.com',
clientId: 'ChurchPharmacy_Angular',
scope:
'offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService'
};
All the configurations are done. Now when I try to log in with auth server, the login successfully done but it's not authenticated on the angular website.
administration log
[07:08:41 INF] Request starting HTTP/1.1 GET http://my-company-administration-service-v1.company-staging.svc.cluster.local/api/abp/application-configuration - 0 [07:08:41 INF] CORS policy execution successful. [07:08:41 INF] CORS policy execution successful. [07:08:41 INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10205: Issuer validation failed. Issuer: 'https://auth-server-v1.mydomain.com'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'http://auth-server-v1.mydomain.com'. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateIssuer(String issuer, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() [07:08:41 INF] Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://auth-server-v1.mydomain.com'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'http://auth-server-v1.mydomain.com'. [07:08:41 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [07:08:41 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc). [07:08:41 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'. [07:08:41 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'. [07:08:41 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 108.1989ms [07:08:41 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [07:08:41 INF] Request finished HTTP/1.1 GET http://company-staging-administration-service-v1.company-staging.svc.cluster.local/api/abp/application-configuration - 0 - 200
I have changed the ocelot values in config map with the service's endpoint address and the above issue is fixed but is this the correct configuration to use the service endpoint instead of the domain URL in the production?
I have sent an email with the details.
As I deployed microservices on Kubernetes, Do I need to follow Kubernetes ocelot configuration as per below?
https://ocelot.readthedocs.io/en/latest/features/kubernetes.html
The web gate has the following error logs.
[13:52:15 INF] Request starting HTTP/1.1 GET http://web-gateway-v1.mydomain.com/api/abp/application-configuration - -
[13:52:15 INF] CORS policy execution successful.
[13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/abp/{everything}
[13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: No authentication needed for /api/abp/application-configuration
[13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: /api/abp/{everything} route does not require user to be authorized
[13:52:15 WRN] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.
at System.Net.Security.SslStream.GetFrameSize(ReadOnlySpan1 buffer) at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Ocelot.Requester.HttpClientHttpRequester.GetResponse(HttpContext httpContext) errors found in ResponderMiddleware. Setting error response for request path:/api/abp/application-configuration, request method: GET
[13:52:15 INF] Request finished HTTP/1.1 GET http://web-gateway-v1.mydomain.com/api/abp/application-configuration - - - 502 0 - 34.2504ms
