
"System.String is not valid as per HTTPS scheme" error when I tried to integrate with keycloak #10539


elcinasyali created

I am trying to integrate with keycloak but I am getting the following error when I am calling “api/TokenAuth/ExternalAuthenticate” api: "IDX20108: The address specified 'System.String' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. (Parameter 'address')"

Keycloak config:

    "OpenId": {
      "IsEnabled": "true",
      "ClientId": " demo-app",
      "ClientSecret": "",
      "Authority": "http://localhost:8080/auth/realms/demo-app/",
      "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
      "ValidateIssuer": "false",
      "ClaimsMapping": [
        {
          "claim": "unique_name",
          "key": "preferred_username"
        }
      ]
    }

I have also tried the following configuration:

    "OpenId": {
      "IsEnabled": "true",
      "ClientId": "demo-app",
      "ClientSecret": "",
      "Authority": "http://localhost:8080/auth/realms/master/",
      "LoginUrl": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
      "ValidateIssuer": "false",
      "ClaimsMapping": [
        {
          "claim": "unique_name",
          "key": "preferred_username"
        }
      ]
    }

Also I have added the following code into AuthConfigure:

    authenticationBuilder.AddOpenIdConnect(options =>
    {
        options.Authority = configuration["Authentication:OpenId:Authority"];
        // Discovery document URL, resolved relative to the authority.
        options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();
        // Permit a non-HTTPS metadata address.
        options.RequireHttpsMetadata = false;

        options.ClientId = configuration["Authentication:OpenId:ClientId"];
        options.SignedOutRedirectUri = configuration["Authentication:OpenId:LoginUrl"];
        options.ResponseType = OpenIdConnectResponseType.IdToken;

        // Metadata retrieval with the same HTTPS setting as above.
        options.ConfigurationManager =
            new ConfigurationManager<OpenIdConnectConfiguration>
            (
                options.MetadataAddress,
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever() { RequireHttps = options.RequireHttpsMetadata }
            );
    });
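
The HTTPS requirement named in the error message, applied to the two OpenId sections posted above, as an added example that is not part of the original post or of AspNet Zero: a check of the Authority, LoginUrl and ClientId values, plus a metadata ConfigurationManager that relaxes RequireHttps only for a loopback authority in development. OidcMetadata, Check, Create and isDevelopment are hypothetical names; IdentityModelEventSource.ShowPII makes IdentityModel log the real address in place of the 'System.String' placeholder.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Added example: OidcMetadata, Check, Create and isDevelopment are hypothetical names.
public static class OidcMetadata
{
    // Findings for an "Authentication:OpenId" section such as the two posted above.
    public static List<string> Check(string authority, string loginUrl, string clientId)
    {
        var findings = new List<string>();
        if (clientId != clientId.Trim())
            findings.Add("ClientId has leading or trailing whitespace");
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var auth))
        {
            findings.Add("Authority is not an absolute URI");
            return findings;
        }
        if (auth.Scheme != Uri.UriSchemeHttps)
            findings.Add(auth.IsLoopback
                ? "Authority is not https (loopback host): acceptable for local development only"
                : "Authority is not https on a non-loopback host: metadata and keys are fetched unprotected");
        if (!auth.AbsolutePath.EndsWith("/"))
            findings.Add("Authority has no trailing slash: new Uri(base, relative) drops the last path segment");
        if (!loginUrl.StartsWith(authority, StringComparison.OrdinalIgnoreCase))
            findings.Add("LoginUrl is not under Authority (different host or realm)");
        return findings;
    }

    // Metadata manager that accepts an http address only for a loopback authority in development.
    public static ConfigurationManager<OpenIdConnectConfiguration> Create(string authority, bool isDevelopment)
    {
        var auth = new Uri(authority);
        // Log the real address instead of the 'System.String' placeholder (development only).
        IdentityModelEventSource.ShowPII = isDevelopment;
        var retriever = new HttpDocumentRetriever
        {
            RequireHttps = !(isDevelopment && auth.IsLoopback)
        };
        return new ConfigurationManager<OpenIdConnectConfiguration>(
            new Uri(auth, ".well-known/openid-configuration").ToString(),
            new OpenIdConnectConfigurationRetriever(),
            retriever);
    }
}
```

For the first section posted above, Check reports the ClientId whitespace, the non-https loopback Authority and the LoginUrl that points at a different realm than the Authority.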

4 Answer(s)
  • ismcagdas created
    Support Team

    Hi @elcinasyali

    By default OpenID Connect is configured in AspNet Zero, see https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Mvc/Startup/AuthConfigurer.cs#L38.

    Why did you need to add your own configuration? I think the default usage should work for you. Can you try using the default implementation which exists in AspNet Zero?

    Thanks,

  • elcinasyali created

    Hi, I have tried it also but I got the same problem. Our keycloak server works on http, do you think it is a problem?

    I have added the following code into AuthConfigure:

        authenticationBuilder.AddOpenIdConnect(options =>
        {
            options.ClientId = configuration["Authentication:OpenId:ClientId"];
            options.Authority = configuration["Authentication:OpenId:Authority"];
            options.SignedOutRedirectUri = configuration["App:ServerRootAddress"] + "Account/Logout";
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.RequireHttpsMetadata = false;
            options.MetadataAddress = new Uri(new Uri(options.Authority), ".well-known/openid-configuration").ToString();

            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = bool.Parse(configuration["Authentication:OpenId:ValidateIssuer"])
            };

            options.Events.OnTokenValidated = context =>
            {
                var jsonClaimMappings = new List<JsonClaimMap>();
                configuration.GetSection("Authentication:OpenId:ClaimsMapping").Bind(jsonClaimMappings);

                context.AddMappedClaims(jsonClaimMappings);

                return Task.FromResult(0);
            };

            var clientSecret = configuration["Authentication:OpenId:ClientSecret"];
            if (!clientSecret.IsNullOrEmpty())
            {
                options.ClientSecret = clientSecret;
            }
        });

    Any advice? Thanks.

  • musa.demir created

    Hi @elcinasyali, it seems like it is not related to AspNet Zero.

    "Our keycloak server works on http, do you think it is a problem?"

    Might be. See: https://github.com/IdentityServer/IdentityServer4/issues/4645

    Can you check it on an https server?

  • nagib.aouini created

    Hi @elcinasyali, did you find any solution for this keycloak integration issue?

    Thanks