Hi, I was searching for how to achieve SSO for a user when switching tenants and saw the linking user feature. Could you please explain how it works? I could not find any documentation about it.
I logged in as user1, selected "new link user" and logged in as user2. It prompted "The target user is not linked to you!", and there was an error when requesting the access token:
{"ClientId": null, "ClientName": null, "ValidateLifetime": true, "AccessTokenType": "Jwt", "ExpectedScope": null, "TokenHandle": null, "JwtId": null, "Claims": {"nbf": 1634111151, "exp": 1665647151, "iss": "https://localhost:44349", "aud": "abp_latest", "client_id": "abp_latest_App", "sub": "a8346126-26bd-e475-29df-39ff8ac671b5", "auth_time": 1634111150, "idp": "local", "preferred_username": "user1", "role": "user_role", "phone_number_verified": "False", "email": "user1@test.com.sg", "email_verified": "False", "name": "user1", "sid": "C9AD8A4E92DBF82F9D6A7A5900988C02", "iat": 1634111151, "scope": ["openid", "profile", "role", "email", "phone", "abp_latest", "offline_access"], "amr": "pwd"}, "$type": "TokenValidationLog"} [15:50:08 ERR] Invalid extension grant{"error": "The target user is not linked to you!"}, details: {"ClientId": "abp_latest_App", "ClientName": "abp_latest_App", "GrantType": "LinkLogin", "Scopes": "abp_latest email offline_access openid phone profile role", "AuthorizationCode": "********", "RefreshToken": "********", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "LinkLogin", "LinkUserId": "a8346126-26bd-e475-29df-39ff8ac671b5",
Hi, I am using ABP version 3.3.2. I have checked the code and it does not support uploading/downloading content using a stream. Is there a way to override it to use a stream, the same as the 4.x version? How many files do we need to override? Could you please guide me through the steps?
Another issue I found when trying ABP version 4.3.2: the downloaded file size is 0kb when downloading a large file (around ~500mb and above), and there is no exception in the logs.
ABP Framework version: v3.3.2
UI type: Angular
DB provider: EF Core
Identity Server Separated: yes
Hi, I found an issue when a user does a first login with an external login provider: the security log has logged one record with Action = 'LoginFailed' even though I had logged in successfully.
Another question: after I completed the registration for the new user, the new user was inserted into the AbpUsers table but with the flag IsExternal = 0. It should be 1, right?
ABP Framework version: v3.3.2
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Hi, I have installed the file management module as guided:
Backend:
Angular UI:
but the "File Management" is not displayed in the menu section:
any idea?
I want to remove/disable the [Required] attribute for the "Password" field in IdentityUserCreateDto.
It seems I could not achieve it, so I disabled the validation by putting [DisableValidation] on the CreateAsync method, but it does not work:
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IdentityUserController))]
public class CustomIdentityUserController : IdentityUserController
{
    public CustomIdentityUserController(IIdentityUserAppService userAppService) : base(userAppService)
    {
    }

    [DisableValidation]
    public override Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
    {
        return UserAppService.CreateAsync(input);
    }
}
Any advice would be much appreciated, thank you.
Hi, I am using ABP version 3.3.2 and could not find the LDAP setting in the 'Account' section.
I checked the release notes; it was released in 3.1:
https://docs.abp.io/en/commercial/latest/release-notes
Is there any required step to enable it? I could not find it in this article:
https://github.com/abpio/abp-commercial-docs/blob/dev/en/modules/account/ldap.md
Hi, we have created an Identity Server client with grant type = client_credentials to let another application retrieve our data. Now we have created another tenant but don't know how to grant this client access to the new tenant's data; "Identity Server -> Clients" does not appear if I log in as tenant admin. Any help would be much appreciated.
Hi, I see the connection string option "MultipleActiveResultSets=true" is put in a lot of articles in documentation but it does not appear in the connection string topic https://docs.abp.io/en/abp/latest/Connection-Strings
Is it required and if yes may I know which functions require it?
Hi, I have configured the application to log in with an external authentication provider. The login is successful but the security log does not capture the record. I also tried with the Google authentication provider and it has the same issue. Could you help us take a look? Thank you.
Hi, I have a requirement to log in with an external authentication provider named "Singpass", the spec & flow are described at the link below:
https://stg-id.singpass.gov.sg/docs/authorization/api#_introduction
Instead of redirecting to the authentication provider's login page, it uses an embedded JS to generate the QR code in our page and requires the user to scan it with a mobile app for authentication. It requires the state & nonce parameters to be provided as the input for the embedded JS:
4.2. Input Parameters https://stg-id.singpass.gov.sg/docs/embedded-auth/js#_login_ui_dimensions
I have created an endpoint to manually generate the state & nonce parameters as below:
private readonly IOptionsMonitor<OpenIdConnectOptions> _openIdOptions;
...
private string GenerateNonce()
{
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
}

public string GetState()
{
    var state = GenerateNonce();
    AuthenticationProperties authProperties = new AuthenticationProperties
    (
        new Dictionary<string, string>
        {
            { OpenIdConnectDefaults.UserstatePropertiesKey, state },
        }
    );
    // This StateDataFormat does not use the correct DataProtectionProvider
    // IOptionsMonitor<T>.Get(name) already returns the named options instance (no CurrentValue)
    return _openIdOptions.Get("singpass").StateDataFormat.Protect(authProperties);
}
However, when the user scanned the QR code and completed the authentication, it redirected back to signin-oidc with the authentication code, and I got this error:
2021-03-01 11:31:29.918 +08:00 [WRN] .AspNetCore.Correlation. state property not found.
2021-03-01 11:31:29.918 +08:00 [INF] Error from RemoteAuthentication: Correlation failed..
I checked the OpenIdConnectHandler: the CorrelationId is generated in HandleChallengeAsync() during redirection, which does not happen in my case. I don't know how to do the proper configuration without redirection to the external authentication login page. Is there any advice? Any help would be much appreciated.
Below is my openid configuration:
.AddOpenIdConnect(authenticationScheme: "singpass", "Singpass Authentication", configureOptions =>
{
    configureOptions.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
    configureOptions.SignOutScheme = IdentityServerConstants.SignoutScheme;
    configureOptions.Authority = configuration["Singpass:Authority"];
    configureOptions.ClientId = configuration["Singpass:ClientId"];
    configureOptions.ResponseType = OpenIdConnectResponseType.Code;
    configureOptions.RequireHttpsMetadata = true;
    configureOptions.ProtocolValidator = new OpenIdConnectProtocolValidator()
    {
        RequireState = false,
        RequireStateValidation = false,
    };
    configureOptions.Events.OnAuthorizationCodeReceived = context =>
    {
        context.TokenEndpointRequest.ClientAssertionType = OidcConstants.ClientAssertionTypes.JwtBearer;
        context.TokenEndpointRequest.ClientAssertion = NDIAuthenticationHandler.CreateClientAssertionJwt(
            configuration["Singpass:ClientId"],
            configuration["Singpass:TokenEndpoint"],
            configuration["Key:ThumbPrint"]);
        return Task.CompletedTask;
    };
})
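
With RequireState and RequireStateValidation set to false and no challenge redirect to set the correlation cookie, nothing in the flow above ties the callback to the browser that displayed the QR code. The following is an added example, not the poster's code and not ABP, IdentityServer or Singpass code, of issuing state and nonce bound to the browser and checking them on the callback. The class name, cookie name and purpose string are hypothetical, and it assumes the callback arrives as a top-level GET navigation.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.WebUtilities;

// Hypothetical helper: binds state/nonce to the browser with a protected cookie.
public class EmbeddedLoginState
{
    private const string CookieName = ".Example.EmbeddedLogin"; // assumed name
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);
    private readonly ITimeLimitedDataProtector _protector;

    public EmbeddedLoginState(IDataProtectionProvider provider) =>
        _protector = provider.CreateProtector("Example.EmbeddedLogin.v1")
                             .ToTimeLimitedDataProtector();

    private static string RandomToken()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes); // 256 bits from the CSPRNG
        return WebEncoders.Base64UrlEncode(bytes);
    }

    // Called when rendering the page; the returned values go to the embedded JS.
    public (string State, string Nonce) Issue(HttpContext http)
    {
        var state = RandomToken();
        var nonce = RandomToken();
        var options = new CookieOptions { HttpOnly = true, Secure = true,
            IsEssential = true, SameSite = SameSiteMode.Lax, MaxAge = Lifetime };
        http.Response.Cookies.Append(CookieName,
            _protector.Protect(state + "." + nonce, Lifetime), options);
        return (state, nonce);
    }

    // Called on the callback; returns the expected nonce, or null on any mismatch.
    public string Validate(HttpContext http, string returnedState)
    {
        if (string.IsNullOrEmpty(returnedState) ||
            !http.Request.Cookies.TryGetValue(CookieName, out var cookie)) return null;
        http.Response.Cookies.Delete(CookieName); // single use
        string[] parts;
        try { parts = _protector.Unprotect(cookie).Split('.'); }
        catch (CryptographicException) { return null; } // tampered or expired
        if (parts.Length != 2) return null;
        return CryptographicOperations.FixedTimeEquals(Encoding.ASCII.GetBytes(parts[0]),
            Encoding.ASCII.GetBytes(returnedState)) ? parts[1] : null;
    }
}
```

The nonce returned by Validate is the value to compare against the nonce claim of the ID token obtained from the token endpoint; a null result means the callback should be rejected.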