Trying to do a proof of concept that allows a third party application to use the embedded IdentityServer for single sign on. I can see that the IdentityServer is running because when I request http://localhost:62114/.well-known/openid-configuration, I get:
{{
"issuer": "http://localhost:62114",
"jwks_uri": "http://localhost:62114/.well-known/openid-configuration/jwks",
"authorization_endpoint": "http://localhost:62114/connect/authorize",
"token_endpoint": "http://localhost:62114/connect/token",
"userinfo_endpoint": "http://localhost:62114/connect/userinfo",
"end_session_endpoint": "http://localhost:62114/connect/endsession",
"check_session_iframe": "http://localhost:62114/connect/checksession",
"revocation_endpoint": "http://localhost:62114/connect/revocation",
"introspection_endpoint": "http://localhost:62114/connect/introspect",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"email",
"phone",
"default-api",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"email",
"email_verified",
"phone_number",
"phone_number_verified"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
]
}}
The problem is that when I make a request to http://localhost:62114/connect/authorize, I get an error:
Full request:
http://localhost:62114/connect/authorize?client_id=implicit&redirect_uri=http%3A%2F%2Flocalhost%3A44077%2Fsignin-oidc&response_type=id_token&scope=openid%20profile%20email&response_mode=form_post&nonce=636731393554871981.ODg5OGYzOTYtNWVlMy00MWNmLWE1Y2MtY2ViNmVlNzBmZTZhNTcwNTM0NzktNzhkNC00ZGYzLThjYzgtMWRkZGM4OGVlNzk2&state=CfDJ8LRmRAoWNcxFrJRw5HHQysTVsGMPTIG8jR0PvpWOtlmzv6mv1PSS1SmG6ZeRprtHTf37KjojOFDAteGgRtkvVFZh94XUjvLpVPKCtkqDFTw5LyH3w0PxbJIZ08SX4t2c7HQhmfoou4zCOfevPq6bNgmW-mvUIEEDn1GQmleMrUz48gPlaa2Sp-pN87E7kMyfVcdQ7dnzsCPKevbT7qvdpZwwEFtjXXqj5fhxGXawezOAKTpaIlLPY1Z0MahhwIJELdO5Fm773h4-RYft9gr6730xR221nsp1Ma66kZrIklbVZutERJcPyoIJktOJJMvBJ32UVzrasdqPLV4lK4mQzn0&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
And the error:
HTTP/1.1 302 Found
Location: http://localhost:62114/home/error?errorId=CfDJ8LRmRAoWNcxFrJRw5HHQysSZzqNP2t0VE4h3EjoX9QLFs3G52aKE59RK1G27QDS4sMCpbWilnW9Tuucwl6HBTORZN7BG6pKpB1MfsqBJiQ-jD9mvVj1pABzybvQt2m0gTHFA7F-ZqD5nW-HHFGgfmt238snkhwI5Qw_dXOfjJWiij30JBg8S40174f7wlAi3b1uhIGpcicw6tj-UpWSBh-gI83-eNbKRvpZBDKPQZYadzNfKUNBSHvTSz4uzGTJvDCBIGdu-GZWfnZwhDtLuXi5_oxOhcMvh2wRed45l4pnHS6ADllB-pXwPF2LnkwvCwQ
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcY3Rob21wc29uLkdPU01DUEFSVE5FUlNcRG9jdW1lbnRzXFZpc3VhbCBTdHVkaW8gMjAxN1xQcm9qZWN0c1xBc3BOZXRaZXJvVGVzdFxUZXN0Q2FjaGVcVGVzdFxUZXN0XHNyY1xTbWMuVGVzdC5XZWIuTXZjXGNvbm5lY3RcYXV0aG9yaXpl?=
Date: Fri, 21 Sep 2018 15:09:15 GMT
Content-Length: 0
Thoughts on what I'm doing wrong?
4 Answer(s)
-
0
Do you find any related errors in App_Data\Log.text?
-
0
I'm running it locally through Visual Studio. In the output window, I see the following. Not sure why the user is "null".
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44077/Home/Secure
Application Insights Telemetry (unconfigured): {"name":"Microsoft.ApplicationInsights.Dev.Message","time":"2018-09-24T12:46:38.6354277Z","tags":{"ai.operation.parentId":"|1cf896f5-44eb375068b6ca69.","ai.operation.name":"GET /Home/Secure","ai.operation.id":"1cf896f5-44eb375068b6ca69","ai.internal.nodeName":"CTHOMPSON0C3C","ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.application.ver":"1.0.0.0","ai.location.ip":"127.0.0.1","ai.cloud.roleInstance":"CTHOMPSON0C3C"},"data":{"baseType":"MessageData","baseData":{"ver":2,"message":"Request starting HTTP/1.1 GET http://localhost:44077/Home/Secure","severityLevel":"Information","properties":{"AspNetCoreEnvironment":"Production","DeveloperMode":"true","Method":"GET","Path":"/Home/Secure","Protocol":"HTTP/1.1","Scheme":"http","Host":"localhost:44077","CategoryName":"Microsoft.AspNetCore.Hosting.Internal.WebHost"}}}}
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
-
0
Check out the ConsoleApiClient example under Test for calls to ID server.
-
0
- Use only "implicit" as AllowedGrantTypes in appsettings.json.
- Use a URL like this:
http://localhost:62114/connect/authorize?client_id=demo&scope=openid&response_type=id_token&nonce=123&redirect_uri=http://localhost:62114
You can check http://docs.identityserver.io/en/release/endpoints/authorize.html for more details.
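
The following pre-flight check is an added example, not part of the thread and not IdentityServer's own validation code: it tests an authorize URL against the discovery document quoted in the question and against a client registration. The `CLIENTS` registry and the shortened `nonce`/`state` values are constructed assumptions, since the thread never shows the real client configuration.

```python
from urllib.parse import urlsplit, parse_qs

# Values copied from the discovery document in the question (subset).
DISCOVERY = {
    "authorization_endpoint": "http://localhost:62114/connect/authorize",
    "scopes_supported": {"openid", "profile", "email", "phone", "default-api", "offline_access"},
    "response_types_supported": ["code", "token", "id_token", "id_token token",
                                 "code id_token", "code token", "code id_token token"],
    "response_modes_supported": {"form_post", "query", "fragment"},
}
# Constructed client registry (assumption): the thread never shows the real client entries.
CLIENTS = {"demo": {"grants": {"implicit"}, "redirect_uris": {"http://localhost:62114"},
                    "scopes": {"openid"}}}

def check_authorize_request(url, discovery=DISCOVERY, clients=CLIENTS):
    """Return the reasons this authorize request would be rejected ([] if none found)."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != discovery["authorization_endpoint"]:
        problems.append("not the advertised authorization_endpoint")
    rtype = set(q.get("response_type", "").split())
    if rtype not in [set(r.split()) for r in discovery["response_types_supported"]]:
        problems.append("response_type not supported by the server")
    if "response_mode" in q and q["response_mode"] not in discovery["response_modes_supported"]:
        problems.append("response_mode not supported by the server")
    scopes = set(q.get("scope", "").split())
    if "id_token" in rtype and "openid" not in scopes:
        problems.append("id_token requires the openid scope")
    if scopes - discovery["scopes_supported"]:
        problems.append("scope not supported by the server")
    if "id_token" in rtype and "code" not in rtype and not q.get("nonce"):
        problems.append("nonce is required for the implicit flow")
    client = clients.get(q.get("client_id"))
    if client is None:  # nothing client-specific can be checked without a registration
        return problems + ["client_id is not registered"]
    if "code" not in rtype and "implicit" not in client["grants"]:
        problems.append("client is not allowed the implicit grant")
    if q.get("redirect_uri") not in client["redirect_uris"]:
        problems.append("redirect_uri does not exactly match a registered URI")
    if scopes - client["scopes"]:
        problems.append("scope not allowed for this client")
    return problems

# URL from the last answer, and the question's request with nonce/state shortened (constructed).
ANSWER_URL = ("http://localhost:62114/connect/authorize?client_id=demo&scope=openid"
              "&response_type=id_token&nonce=123&redirect_uri=http://localhost:62114")
QUESTION_URL = ("http://localhost:62114/connect/authorize?client_id=implicit"
                "&redirect_uri=http%3A%2F%2Flocalhost%3A44077%2Fsignin-oidc&response_type=id_token"
                "&scope=openid%20profile%20email&response_mode=form_post&nonce=n-1&state=s-1")
```

The question's request passes every check that depends only on the discovery document, so under this constructed registry the only finding is the client registration itself (client id, grant type, redirect URI, scopes).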