brunobritodev / jpproject.identityserver4.sso
:lock: ASP.NET Core 3.1 Open Source SSO. Built within IdentityServer4 :key:
Home Page: https://sso.jpproject.net/
License: MIT License
I tested the case: the Angular client or React client logs out, and logoutId has a value, but the PostLogoutRedirectUri is always null. How to fix it?!
The code:
```csharp
private async Task<LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
{
    var vm = new LogoutViewModel { LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt };
    if (User?.Identity.IsAuthenticated != true)
    {
        // if the user is not authenticated, then just show logged out page
        vm.ShowLogoutPrompt = false;
        return vm;
    }
    var context = await _interaction.GetLogoutContextAsync(logoutId);
    vm.Client = context?.ClientName; // has value
    vm.PostLogoutRedirectUri = context?.PostLogoutRedirectUri; // null; the value is already in database table ClientPostLogoutRedirectUris.
    return vm;
}
```
I cloned the project and it's running but noticed that \src\Frontend\Jp.AdminUI is missing. Looking around, I do see that both build.bat and start.bat in the build folder do reference the folder but it's not there. Is the code in the JPProject.IdentityServer4.AdminUI repo up to date with the latest files? I did get it running and connected to this build's API but thought I'd mention it.
Before I forget, THANK YOU for all the work on this project! It's very much appreciated!!!
When using Edge and Chrome for login, after submitting the login button, the login page shows every time and does not redirect to the next pages. The login is a success and redirects to /connect.... but the login page is shown again. This is OK when using Firefox, which works correctly.
How To Solve:
If you change from HTTP to HTTPS, everything is OK! But you should solve bigger problems! Using HTTPS in the internal and outer Kubernetes network has more problems!
The documentation in quickstarts/vs_vscode.html has a screen dump of the solution's startup projects, where the projects JP.UI.SSO and JP.UserManagement are set to "Start". But JP.UserManagement is not in the solution JPProject.SSO.sln. In addition, there are several projects listed (Jp.Domain.Core, Jp.Infra.CrossCutting.Bus, etc) which are not in JpProject.SSO.sln.
The build scripts (such as build.bat, start.bat) seem to be outdated.
It does not match the current folder/project structure.
Thanks.
Active directory maintains user name and passwords, is it possible to integrate with that?
I built a Docker image and ran it, but when I use HTTP the redirect doesn't work.
_signInManager.PasswordSignInAsync() takes 5 seconds every time.
I looked at the DB table [Users]: the primary key UserId is nvarchar(450), not an Int identity primary key...
How to fix the login being too slow?
It seems the demo's pages are not working. For example, if you try to list the users... the page shows the please wait message forever :)
I try to add a new migration with new tables, but I cannot correctly generate the migration file with add-migration.
Describe the bug
The docker-compose currently uses MySQL as a database and works fine. When changing the docker-compose file to use SQL Server the jpproject-sso image does not launch. This results in nginx giving a 502 Bad gateway error because the project never launched.
All other images including the API launch successfully. I have identified that the issue happens due to the seeding of the database when calling EnsureCreated().
The process freezes somewhere on a SaveChangesAsync() call. However this does not happen consistently. Sometimes (rarely) everything launches normally including the SSO, but more often than not the SSO freezes, breaking the project.
Because of this I have decided to use MySQL for the time being, but would like to use MSSQL Server in the future.
jpdatabase_1 | SQL Server 2019 will run as non-root by default.
jpdatabase_1 | This container is running as user root.
jpdatabase_1 | Your master database file is owned by root.
jpdatabase_1 | To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
jpproject-api_1 | [12:47:33 INF] Testing conection with database
jpproject-api_1 | [12:47:34 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpdatabase_1 | 2020-05-11 12:47:36.37 Server Microsoft SQL Server 2017 (RTM-CU19) (KB4535007) - 14.0.3281.6 (X64)
jpdatabaJan 23 2020 21:00:04
jpdatabaCopyright (C) 2017 Microsoft Corporation
jpdatabaDeveloper Edition (64-bit) on Linux (Ubuntu 16.04.6 LTS)
2020-05-11 12:47:36.38 Server UTC adjustment: 0:00
2020-05-11 12:47:36.38 Server (c) Microsoft Corporation.
2020-05-11 12:47:36.38 Server All rights reserved.
2020-05-11 12:47:36.39 Server Server process ID is 40.
2020-05-11 12:47:36.39 Server Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.
2020-05-11 12:47:36.39 Server Registry startup parameters:
jpdataba -d /var/opt/mssql/data/master.mdf
jpdataba -l /var/opt/mssql/data/mastlog.ldf
jpdataba -e /var/opt/mssql/log/errorlog
2020-05-11 12:47:36.40 Server SQL Server detected 1 sockets with 1 cores per socket and 2 logical processors per socket, 2 total logical processors; using 2 logical processors based on SQL Server licensing. This is an informational message; no user action is required.
2020-05-11 12:47:36.40 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2020-05-11 12:47:36.41 Server Detected 1592 MB of RAM. This is an informational message; no user action is required.
2020-05-11 12:47:36.41 Server Using conventional memory in the memory manager.
2020-05-11 12:47:36.54 Server Buffer pool extension is already disabled. No action is necessary.
2020-05-11 12:47:36.76 Server InitializeExternalUserGroupSid failed. Implied authentication will be disabled.
2020-05-11 12:47:36.76 Server Implied authentication manager initialization failed. Implied authentication will be disabled.
2020-05-11 12:47:36.77 Server Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.0 1.1 1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA'].
2020-05-11 12:47:36.81 Server The maximum number of dedicated administrator connections for this instance is '1'
2020-05-11 12:47:36.81 Server Node configuration: node 0: CPU mask: 0x0000000000000003:0 Active CPU mask: 0x0000000000000003:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
2020-05-11 12:47:36.82 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
2020-05-11 12:47:36.83 Server In-Memory OLTP initialized on lowend machine.
2020-05-11 12:47:36.88 Server Database Instant File Initialization: enabled. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.
ForceFlush is enabled for this instance.
2020-05-11 12:47:36.89 spid6s Starting up database 'master'.
2020-05-11 12:47:36.90 Server Query Store settings initialized with enabled = 1,
2020-05-11 12:47:36.92 Server Software Usage Metrics is disabled.
ForceFlush feature is enabled for log durability.
2020-05-11 12:47:37.21 spid6s Resource governor reconfiguration succeeded.
2020-05-11 12:47:37.22 spid6s SQL Server Audit is starting the audits. This is an informational message. No user action is required.
2020-05-11 12:47:37.23 spid6s SQL Server Audit has started the audits. This is an informational message. No user action is required.
2020-05-11 12:47:37.31 spid6s SQL Trace ID 1 was started by login "sa".
2020-05-11 12:47:37.33 spid6s Server name is 'a7675613e2ce'. This is an informational message only. No user action is required.
2020-05-11 12:47:37.35 spid20s Always On: The availability replica manager is starting. This is an informational message only. No user action is required.
2020-05-11 12:47:37.36 spid20s Always On: The availability replica manager is waiting for the instance of SQL Server to allow client connections. This is an informational message only. No user action is required.
2020-05-11 12:47:37.37 spid9s Starting up database 'mssqlsystemresource'.
2020-05-11 12:47:37.19 spid9s The resource database build version is 14.00.3281. This is an informational message only. No user action is required.
2020-05-11 12:47:37.20 spid6s Starting up database 'msdb'.
2020-05-11 12:47:37.24 spid9s Starting up database 'model'.
2020-05-11 12:47:37.51 spid9s Polybase feature disabled.
2020-05-11 12:47:37.52 spid9s Clearing tempdb database.
2020-05-11 12:47:37.53 spid18s A self-generated certificate was successfully loaded for encryption.
2020-05-11 12:47:37.55 spid18s Server is listening on [ 'any' <ipv6> 1433].
2020-05-11 12:47:37.56 spid18s Server is listening on [ 'any' <ipv4> 1433].
2020-05-11 12:47:37.57 Server Server is listening on [ ::1 <ipv6> 1434].
2020-05-11 12:47:37.58 Server Server is listening on [ 127.0.0.1 <ipv4> 1434].
2020-05-11 12:47:37.59 Server Dedicated admin connection support was established for listening locally on port 1434.
2020-05-11 12:47:37.61 spid18s SQL Server is now ready for client connections. This is an informational message; no user action is required.
2020-05-11 12:47:37.91 spid9s Starting up database 'tempdb'.
2020-05-11 12:47:37.99 spid9s The tempdb database has 1 data file(s).
2020-05-11 12:47:38.00 spid20s The Service Broker endpoint is in disabled or stopped state.
2020-05-11 12:47:38.02 spid20s The Database Mirroring endpoint is in disabled or stopped state.
2020-05-11 12:47:38.04 spid20s Service Broker manager has started.
2020-05-11 12:47:38.08 spid6s Recovery is complete. This is an informational message only. No user action is required.
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (16ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT 1
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (11ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT OBJECT_ID(N'[__EFMigrationsHistory]');
jpproject-api_1 | [12:47:38 INF] Connection successfull
jpproject-api_1 | [12:47:38 INF] Check if database contains Client (ConfigurationDbStore) table
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (8ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT CASE
jpproject-api_1 | WHEN EXISTS (
jpproject-api_1 | SELECT 1
jpproject-api_1 | FROM [Clients] AS [c]) THEN CAST(1 AS bit)
jpproject-api_1 | ELSE CAST(0 AS bit)
jpproject-api_1 | END
jpproject-api_1 | [12:47:38 INF] Check if database contains PersistedGrant (PersistedGrantDbStore) table
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT CASE
jpproject-api_1 | WHEN EXISTS (
jpproject-api_1 | SELECT 1
jpproject-api_1 | FROM [PersistedGrants] AS [p]) THEN CAST(1 AS bit)
jpproject-api_1 | ELSE CAST(0 AS bit)
jpproject-api_1 | END
jpproject-api_1 | [12:47:38 INF] Checks done
jpproject-api_1 | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT [d].[Xml]
jpproject-api_1 | FROM [DataProtectionKeys] AS [d]
jpproject-api_1 | [12:47:38 INF] Creating key {c5a20961-31f9-4dbb-b179-13b8c0f986e4} with creation date 2020-05-11 12:47:38Z, activation date 2020-05-11 12:47:38Z, and expiration date 2020-08-09 12:47:38Z.
jpproject-api_1 | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (26ms) [Parameters=[@p0='?' (Size = 4000), @p1='?' (Size = 4000)], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SET NOCOUNT ON;
jpproject-api_1 | INSERT INTO [DataProtectionKeys] ([FriendlyName], [Xml])
jpproject-api_1 | VALUES (@p0, @p1);
jpproject-api_1 | SELECT [Id]
jpproject-api_1 | FROM [DataProtectionKeys]
jpproject-api_1 | WHERE @@ROWCOUNT = 1 AND [Id] = scope_identity();
jpproject-api_1 | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1 | [12:47:38 INF] Executed DbCommand (0ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1 | SELECT [d].[Xml]
jpproject-api_1 | FROM [DataProtectionKeys] AS [d]
jpproject-api_1 | [12:47:39 INF] Now listening on: http://[::]:80
jpproject-api_1 | [12:47:39 INF] Application started. Press Ctrl+C to shut down.
jpproject-api_1 | [12:47:39 INF] Hosting environment: Development
jpproject-api_1 | [12:47:39 INF] Content root path: /app
To Reproduce
Steps to reproduce the behavior:
image: mcr.microsoft.com/mssql/server:2017-latest
restart: unless-stopped
expose:
- "1433"
environment:
ACCEPT_EULA: "Y"
# SQL SA Password must be: min 8 characters, upper, lower and number or special character
MSSQL_SA_PASSWORD: Let_Me_In
CUSTOMCONNSTR_SSOConnection: "Server=jpdatabase;Database=tempdb;User ID=sa;Password=Let_Me_In;MultipleActiveResultSets=true"
ApplicationSettings:DatabaseType: SqlServer
Expected behavior
Jpproject-sso container launches successfully and gives output of its status.
Desktop (please complete the following information):
I have built Docker images for API management and SSO.UI and run them.
But after login it doesn't redirect to the front end.
build.bat has the following line:
dotnet build "../src/Backend/Jp.UserManagement"
but no such project exists.
As described in the docs the extensibility point to customize the user flow is the IIdentityFactory interface, but the UserAppService class is closed to extension making the flow coupled with the RegisterNewUserCommand.
I can think of two solutions for the short period I've studied the code:
UserAppService as virtual, making it possible to override them and sending another command to mediatr. In this case it will work with a simple cast of the UserCommand to the desired command inside the factory as we can work with polymorphic dispatch;
IIdentityFactory into another interfaces for each specific case and use a generic type as the parameter, something like ICreateIdentityFactory<TUser, TCommand>
The main idea is to reuse the out of box classes to avoid rewriting entire classes.
Hi Bruno, hope you are well,
I downloaded the latest version of this project and everything runs fine on localhost, but when I take it to "prod", specifically the UserManagement UI, while registering a new user the call to the sign up API fails the first time and gives a 502 error (Bad gateway). If I click the register button again for a second time, I'm able to register the user.
It is so weird. I was thinking about the request timeout on the API but I changed it and it is the same behavior.
Another thing I noticed was that in the first call, in the web browser console, I see a CORS issue. It is like the API is blocking the UI, but I didn't change anything in the API related to CORS; actually they are as default.
This is a QA env: https://usermanagement.rankeadictos.cl/login
Hope you can help.
Thank you so much.
Describe the bug
When clients or protected resources are saved, it is deleting the secrets. In the case of protected resources, it clears secrets and scopes.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
That when client information or a protected resource is changed, secrets are kept.
Desktop (please complete the following information):
I tried running the full project (version 3.1) via docker-compose.
I have the instances running, but when I try to access any of the adminUI or user apps, I get errors pertaining to CORS.
Access to XMLHttpRequest at 'http://jpproject-sso:5001/.well-known/openid-configuration' from origin 'http://jpproject-sso:4400' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I am running this on windows
In the documentation, you reference MFA. How is MFA implemented? I can't seem to find anything in code to enable MFA or what forms are used. Does it support authenticator apps, a code via sms/email, or something else?
It looks like if we want to add that, I'll need to modify the JPProject.Core so the AdminAPI can provide the functionality for configuration, then change the SSO to implement MFA during login.
BTW, thanks for all the work you've put into this! I greatly appreciate the head start into what we're doing.
Hi,
I cannot find in the project a directory of migrations to be able to create the database afterwards. If I want to create it with the following command in the PM console, in Jp.Database project: Add-Migration DbInit -context SsoContext -output Data/Migrations, I have the following error: Unable to create an object of type 'SsoContext'. For the different patterns supported at design time.
do you have any idea?
thx
https://localhost:5002/ has already been authorized by Authorization URL: https://localhost:5000/connect/authorize. When I try out the API,
the log info is: AuthenticationScheme: Bearer was not authenticated. Authorization failed.
How to fix the bug? Environment is development. Thanks.
Describe the bug
In the documentation I should find a project called "/Frontend/Jp.AdminUI" but I cannot find it in this repo!
Are there any alternatives in the SSO repo?
Describe the bug
Unable to remove a claim associated with a user. The API error message is {"errors":{"RemoveUserClaimCommand":["Username must be set"]},"title":"One or more validation errors occurred.","status":400}
To Reproduce
Steps to reproduce the behavior:
Expected behavior
the claim should be deleted.
After checking the controller's action, this is normal because the "username" is never bound to a parameter:
```csharp
[HttpDelete, Route("{username}/claims/{type}"), Authorize(Policy = "Admin")]
public async Task RemoveClaim(string type, string value)
{
    // {username} in the route template has no matching method parameter
    var model = new RemoveUserClaimViewModel(type, value);
    await _userManageAppService.RemoveClaim(model);
    return ResponseDelete();
}
```
Also, looking at the network traffic in the browser, the claim value doesn't seem to be passed from the Angular frontend.
Regards
Is your feature request related to a problem? Please describe.
When adding a new Client, it encourages users to add old, almost deprecated flows, like Resource Owner Password Credentials.
Describe the solution you'd like
Change the UI and routines to use Client Credentials and authorization_code instead of implicit.
I'm using Postgres when debugging in VS 2019
FROM "Clients" AS c)
[22:25:33 ERR] An exception occurred while iterating over the results of a query for context type 'Jp.Database.Context.SsoContext'.
Npgsql.PostgresException (0x80004005): 42P01: relation "Clients" does not exist
at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Npgsql.NpgsqlDataReader.NextResult(Boolean async, Boolean isConsuming)
at Npgsql.NpgsqlCommand.ExecuteReaderAsync(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken)
at Npgsql.NpgsqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
Exception data:
Severity: ERROR
SqlState: 42P01
MessageText: relation "Clients" does not exist
Position: 41
File: parse_relation.c
Line: 1180
Routine: parserOpenTable
Is there a way to set cross origin policy from environments in docker-compose file ?
I created a new MVC client using the hybrid grant type.
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();
    IdentityModelEventSource.ShowPII = true;
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.AccessDeniedPath = "/Authorization/AccessDenied";
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.Authority = "https://jpprojectsso.inthink.top:5000"; //
        options.RequireHttpsMetadata = false;
        options.ClientId = "TestClient";
        options.ClientSecret = "Client Secrets";
        options.SaveTokens = true;
        options.ResponseType = "code id_token";
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Clear();
        options.Scope.Add(OidcConstants.StandardScopes.OpenId);
        options.Scope.Add(OidcConstants.StandardScopes.Profile);
        options.TokenValidationParameters = new TokenValidationParameters
        {
            //NameClaimType = JwtClaimTypes.Name,
            //RoleClaimType = JwtClaimTypes.Role
        };
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        //app.UseHsts();
    }
    // app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseRouting();
    app.UseAuthorization();
    app.UseAuthentication(); //signin-oidc 404
    //app.UseMiddleware<AuthorizeRequestMiddleware>(); //connect/authorize 302redirect
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}
```
And the controller is like this:
```csharp
[Authorize]
public IActionResult Privacy()
{
    return View();
}
```
Then I deployed to the test environment. Authorization succeeds, but it always 302 redirects...
How should I resolve this problem?
Thanks,
Jing
This is an issue experienced on the latest 2.0 branch. master is ok.
When updating an existing client, the child relationships are duplicated.
Scopes, Grants, Redirect URIs
To Reproduce
Steps to reproduce the behavior:
IdentityServer4.EntityFramework.Entities.Client -> IdentityServer4.Models.Client
Destination Member:
AllowedGrantTypes
---> System.InvalidOperationException: Grant types list contains duplicate values
Checking the database reveals that all children of the Client have been duplicated.
Describe the bug
I'm getting an error when I run the "docker-run.bat"
To Reproduce
Steps to reproduce the behavior:
Screenshots
Desktop:
Is your feature request related to a problem? Please describe.
Actually, on the SignUp endpoint there is no prevention against bots.
Describe the solution you'd like
SignUp endpoint should have some bot prevention, like reCaptcha. UserAdmin endpoint should have a registration endpoint without reCaptcha, but protected by AuthServer.
Hi,
I just checked that the demo of this project has a CORS error.
I think you can solve them by applying the actual array of permitted URLs:
1 - Get the list of URLs from appsettings:
```csharp
string[] corsUrl = configuration.GetSection("ApplicationSettings:Cors").Get<string[]>();
```
2 - Load the array on startup:
```csharp
services.AddCors(options =>
{
    options.AddPolicy("Default",
        builder => builder.AllowAnyOrigin()
            .WithOrigins(corsUrl)
            .SetIsOriginAllowed((host) => true)
            .AllowAnyMethod()
            .AllowAnyHeader());
});
```
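An added example, not part of the post above or of the project's code: it builds the policy as posted next to one limited to the configured origins, and prints what each policy's origin predicate answers for a listed and an unlisted origin. The origin values and the class name `CorsPolicyComparison` are constructed for illustration, and the file assumes an ASP.NET Core 3.1 project (Microsoft.NET.Sdk.Web) so that the CORS types resolve.

```csharp
using System;
using Microsoft.AspNetCore.Cors.Infrastructure;

// Added example (not project code): compares two CORS policies by asking
// each one's IsOriginAllowed predicate about a listed and an unlisted origin.
public static class CorsPolicyComparison
{
    // Constructed sample values standing in for ApplicationSettings:Cors.
    private static readonly string[] ConfiguredOrigins =
    {
        "https://admin.example.test",
        "https://user.example.test"
    };

    // Same builder calls as in the post: SetIsOriginAllowed replaces the
    // default list lookup with a predicate that accepts every origin.
    public static CorsPolicy BuildAsPosted() =>
        new CorsPolicyBuilder()
            .AllowAnyOrigin()
            .WithOrigins(ConfiguredOrigins)
            .SetIsOriginAllowed(host => true)
            .AllowAnyMethod()
            .AllowAnyHeader()
            .Build();

    // Allowlist only: the default predicate stays in place and matches the
    // request origin against the configured list.
    public static CorsPolicy BuildAllowlistOnly() =>
        new CorsPolicyBuilder()
            .WithOrigins(ConfiguredOrigins)
            .AllowAnyMethod()
            .AllowAnyHeader()
            .Build();

    public static void Main()
    {
        // Constructed probe origins: the first is in the list, the second is not.
        string[] probes =
        {
            "https://admin.example.test",
            "https://unlisted.example.test"
        };

        var policies = new[]
        {
            ("as posted", BuildAsPosted()),
            ("allowlist only", BuildAllowlistOnly())
        };

        foreach (var (name, policy) in policies)
        {
            foreach (var origin in probes)
            {
                bool allowed = policy.IsOriginAllowed(origin);
                Console.WriteLine($"{name,-15} {origin,-32} allowed={allowed}");
            }
        }
    }
}
```

Either policy object can be registered with `options.AddPolicy("Default", policy)` inside `services.AddCors`, so the comparison can be run against the same array that `ApplicationSettings:Cors` supplies.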
Hello, thanks for this project it is really great,
My issue is, I was trying to use this example from zero, I just installed the code for a quick start, locally works perfectly but when I deployed the code to my hosting turns out that redirecting while login to user management or admin ui urls I'm having a 404 Status even if I'm already logged the page for example https://subdomain.domainname.com/login is 404 status but I'm able to see the login page only with the login button, if I click on it I get 404 to the login-callback page.
To Reproduce
Steps to reproduce the behavior:
I haven't changed anything to upload the code to webhosting, I only changed the URLs respectively.
Regards
Describe the bug
Hi,
I noticed one situation which I believe to be a bug. Please correct me if I am wrong:
At this spot the link is generated with userId...
On the other end, at the front-end, an attribute named user is expected:
https://github.com/brunohbrito/JPProject.IdentityServer4.SSO/blob/13660631a97a5186e1a2e69cd5b228bbc09b6fab/src/Frontend/Jp.UserManagement/src/app/pages/confirm-email/confirm-email.component.ts#L44
This leads to the situation where the user cannot confirm his mail...
To Reproduce
Just create a new user with Mail feature active. Once the user clicks the confirm email button, the mail never gets confirmed...