Starts in:
1 DAY
23 HRS
35 MIN
45 SEC
Starts in:
1 D
23 H
35 M
45 S

Activities of "rogercprops"

Hi,

As I said, the databases are exactly the same. The database is SQL server running in a vm. localhost appsettings.json "ConnectionStrings": { "IdentityService": "Server=40.124.37.230;Database=CloverleafCMS_Identity;User Id=*;password=;MultipleActiveResultSets=true;TrustServerCertificate=True",

auth-sever aks deployment manifest - name: "ConnectionStrings__IdentityService" value: "Server=40.124.37.230;Database=CloverleafCMS_Identity;User Id=;password=;TrustServerCertificate=True"

  • ABP Framework version: v7.2.2 Commercial
  • UI Type: N/A
  • Database System: EF Core SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: We're using the microservice template and using the auth-server app for authentication. The auth-server application has been slightly modified for custom branding.

We have a .net API to get a token using the IdentityModel.Client.

When I call the API using Postman that's pointing to the auth-server running on localhost via Tye I'm able to successfully get a token. When I call the API pointing to the auth-server running in Azure Kubernetes I get an invalid username and password error.

The code is the exact same. The database is the same and the credentials are the exact same.

Here's the log from the localhost version: [auth-server_7b8d49a0-6]: [14:31:40 INF] Request starting HTTP/1.1 GET https://localhost:44322/.well-known/openid-configuration - - [auth-server_7b8d49a0-6]: [14:31:40 INF] Request finished HTTP/1.1 GET https://localhost:44322/.well-known/jwks - - - 200 1620 application/json;charset=UTF-8 14.9184ms [auth-server_7b8d49a0-6]: [14:31:40 INF] Request starting HTTP/1.1 POST https://localhost:44322/connect/token application/x-[www-form-urlencoded 357](http://www-form-urlencoded 357) [auth-server_7b8d49a0-6]: [14:31:40 INF] The request URI matched a server endpoint: Token. [auth-server_7b8d49a0-6]: [14:31:40 INF] The token request was successfully extracted: { [auth-server_7b8d49a0-6]: "grant_type": "password", [auth-server_7b8d49a0-6]: "username": "admin", [auth-server_7b8d49a0-6]: "password": "[redacted]", [auth-server_7b8d49a0-6]: "scope": "address email phone profile roles AccountService IdentityService AdministrationService SaasService ClientService ServicesService ClientServiceQueryService UserInfoQueryService DocumentService GuardianshipService NotesService ContactService EngagementLogService DocTemplateService FinancialsService", [auth-server_7b8d49a0-6]: "client_id": "PublicAPI", [auth-server_7b8d49a0-6]: "client_secret": "[redacted]" [auth-server_7b8d49a0-6]: }. [auth-server_7b8d49a0-6]: [14:31:41 INF] The token request was successfully validated. [auth-server_7b8d49a0-6]: [14:31:42 INF] The response was successfully returned as a JSON document: { [auth-server_7b8d49a0-6]: "access_token": "[redacted]", [auth-server_7b8d49a0-6]: "token_type": "Bearer", [auth-server_7b8d49a0-6]: "expires_in": 3600 [auth-server_7b8d49a0-6]: }. [auth-server_7b8d49a0-6]: [14:31:42 INF] Request finished HTTP/1.1 POST https://localhost:44322/connect/token application/x-[www-form-urlencoded 357](http://www-form-urlencoded 357) - 200 1946 application/json;charset=UTF-8 1888.1892ms

Here's the log from the AKS version: [20:18:22 INF] Request starting HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/openid-configuration - - [20:18:22 INF] Request finished HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2461 application/json;charset=UTF-8 171.3345ms [20:18:22 INF] Request starting HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/jwks - - [20:18:22 INF] The token request was successfully extracted: { "grant_type": "password", "username": "admin", "password": "[redacted]", "scope": "address email phone profile roles AccountService IdentityService AdministrationService SaasService ClientService ServicesService ClientServiceQueryService UserInfoQueryService DocumentService GuardianshipService NotesService ContactService EngagementLogService DocTemplateService FinancialsService", "client_id": "PublicAPI", "client_secret": "[redacted]" }. [20:18:24 INF] The response was successfully returned as a JSON document: { "error": "invalid_grant", "error_description": "Invalid username or password!", "error_uri": "https://documentation.openiddict.com/errors/ID2024" }. [20:18:25 INF] Request finished HTTP/1.1 POST http://authserver.cloverleafcms.dev/connect/token application/x-[www-form-urlencoded 360](http://www-form-urlencoded 360) - 400 155 application/json;charset=UTF-8 3198.2666ms

  • Steps to reproduce the issue:
  1. Create a microservice solution using Abp Suite 7.2.2
  2. Run the solution locally using Tye
  3. Using Postman call the .net API that calls the get token endpoint from the auth-server microservice
  4. Generate a docker images for the auth server application and microservice services and the .net token api.
  5. Deploy the applications to Azure Kubernetes
  6. Change the url for the .net API in postman to the AKS ingress url for .net api

I can give you read access to our GitHub repositories if necessary.

Thank you

Where specifically do I put these lines of code? What service or application? What cs file? etc.

Hi,

Can you be more specific about what you mean? It's not real clear from the link to the source code.

Thank you

Here it is: [13:42:17 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - [13:42:17 INF] CORS policy execution successful. [13:42:17 INF] The request URI matched a server endpoint: Configuration. [13:42:17 INF] The configuration request was successfully extracted: {}. [13:42:17 INF] The configuration request was successfully validated. [13:42:17 INF] The response was successfully returned as a JSON document: { "issuer": "https://authserver.cloverleafcms.dev/", "authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/authorize", "token_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/token", "introspection_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/introspect", "end_session_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/logout", "revocation_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/revocat", "userinfo_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/userinfo", "device_authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/device", "jwks_uri": "https://auth.txguardians.cloverleafcms.dev/.well-known/jwks", "grant_types_supported": [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code", "LinkLogin", "Impersonation" ], "response_types_supported": [ "code", "code id_token", "code id_token token", "code token", "id_token", "id_token token", "token", "none" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access", "email", "profile", "phone", "roles", "address", "AccountService", "IdentityService", "AdministrationService", "SaasService", "ClientService", "ServicesService", "ClientServiceQueryService", "UserInfoQueryService" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "introspection_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "revocation_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }. [13:42:17 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2313 application/json;charset=UTF-8 8.9659ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - [13:42:18 INF] The request URI matched a server endpoint: Logout. [13:42:18 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:42:18 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login. [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - - 302 0 - 3.9412ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [13:42:18 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 36.7005ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 44.9802ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 58.0027ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - - 304 - text/css 0.6481ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - - 304 - application/javascript 0.9618ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 2.6807ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - - 200 158 application/javascript 24.4625ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - - 302 0 - 13.6779ms [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 84.8822ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - - 200 8397 application/javascript 99.8249ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml. [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 185.967ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 75987 application/javascript 207.3579ms [13:42:18 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 40.9456ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 49.9008ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 72.4962ms

Thanks. That answered the question.

We modified the tenant resolver to read from a database table to get the tenant based on the full URL. Happy to share it with others.

Hi,

Thanks.

It worked for the Redirect Url but not the PostLogoutRedirectUrls.

Here's the error from the logs: [13:16:29 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:16:29 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.

And this is the code in the authserver module:

        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/silent-refresh");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/login");
            options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/signout-callback-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:9000/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:9000/auth/signout-callback-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:44321/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}:44321/signout-callback-oidc");
        });

Am I missing something?

  • ABP Framework version: v7.2.2 Commercial
  • UI Type: Vuejs / MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: [18:21:51 INF] Client validation failed because 'https://txguardians.cloverleafcms.de/signin-oidc' was not a valid redirect_uri for CloverleafCMS. [18:21:51 INF] The authorization request was rejected because the redirect_uri was invalid: 'https://txguardians.cloverleafcms.de/signin-oidc'. [18:21:51 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/authorize?client_id=CloverleafCMS&redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fsignin-oidc&response_type=code&scope=offline_access+openid+profile+email+phone+AccountService+IdentityService+AdministrationService+SaasService+ClientService+ServicesService+ClientServiceQueryService&state=49e43d931566491a8ec807f6c9a9999b&code_challenge=cunGRYyyMCRmOzS32JF78ZKpWJ33SxHjtyulWlg5MZo&code_challenge_method=S256&response_mode=query - - - 302 0 - 29.5866ms [18:21:51 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - [18:21:51 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [18:21:51 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [18:21:52 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [18:21:52 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 65.666ms. [18:21:52 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 1195.7552ms [18:21:52 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [
  • Steps to reproduce the issue: We're using the auth-server MVC app in the microservices template. We get the above error when the RedirectUris in the Identity database OpenIdDictApplications table for an application has https://*.cloverleafcms.de.

When I enter the full uri RedirectUris field We don't get the error.

We have the same issue with the CORSOrigins in the application settings/confguration.

We're a SaaS provider and currently have over 80 clients and growing every year. I thought I read a previous post (can't find it) where someone else had the same issue.

How can we use a wildcard to match the custom domains for our clients? (Note about 90% will have something like XXX.cloverleafcms.de).

Thank you

Provide us with the following info:

  • ABP Framework version: v7.2.2 Commercial
  • UI Type: MVC / Vuejs
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: N/A
  • Steps to reproduce the issue: N/A

We're currently using the micro services template with the auth-server as an MVC application.

We're a SaaS provider with dozens of client tenants. Each has either their own domain or a subdomain under our brand domain. For example: auth.mydomain1.com auth.mydomain2.com etc.

What we want to do is have one auth-server application that is mapped to multiple domains and/or subdomains. However in the auth-server application configuration (appsettings) there is only one SelfUrl.

In our vue application we're using the oidc-client.ts NPM module to access the auth-server openiddict. In the oidc-client User Manager settings I can set the redirect url to ${window.location.origin}/signin-oidc, so it's correctly routed back to the Vue application after authentication. I can also specify the authority url to include the client domain auth.${window.location.origin}. In the above examples, if I specify auth.mydomain1.com as the authority, it won't find it since there's only 1 SelfUrl in the appsettings of the auth-server.

How do I have multiple "SelfUrls" based on tenant domain/subdomain in the auth server so I can call it from the Vue application (or any other application for that matter)?

I know one way is to have a different auth server application running for each domain instance but that gets expensive since we have over 80 clients today.

Looking forward to your response. Thank you.

We've developed a solution using the microservices template.

We have 2 services with their own database. We need to create a query using the Abp libraries that joins results from queries from each of the databases.

Use case:

The client microservices manages clients. The programs service manages programs that are assigned to clients.

We want to have one query that gets all of the programs of a given type. We want to have a second query that returns all of the clients associated with those programs.

How do we do that using the microservices template? Has anyone done this before and if so is there a sample we can follow?

Showing 31 to 40 of 48 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06