skoruba / duende.identityserver.admin

The administration for the Duende IdentityServer and Asp.Net Core Identity ⚡

License: Apache License 2.0

PowerShell 0.65% C# 83.11% Dockerfile 0.56% HTML 11.03% JavaScript 3.27% SCSS 0.46% CSS 0.92%
admin ui adminui identityserver identityserver-admin duende duende-identityserver duende-identityserver-admin

duende.identityserver.admin's Introduction

Hi there 👋

I'm Jan Škoruba. I am working on open source projects primarily related to identity and access control.

I am interested in @openid 🔐 • @oauth2 🔒 • @dotnet 🚀 • @reactjs

Support me 🚀

It makes me so happy to see that my projects interest someone else and together we are building something useful.

If you like my work you can support me by donation on paypal or patreon. Thank you. 👍


duende.identityserver.admin's Issues

Examples of how to configure external provider such as Azure AD

Do you have any examples of how to configure the connection to an external provider such as Azure AD? I have found the settings in the appsettings.json file which I can configure but I have found in the documentation a lot of information about the callbackpath and the steps on interrogating the data that comes back from the external provider.

Sadly, I am a backend C# API developer and also an Angular frontend person so I am not sure about what code to put where.

Is it possible for me to develop a new Admin in Angular but then still use your Admin API to communicate to the identity server? Is there also a frontend in the STS identity project or is that going a bit too far?

Should the docker-compose.vs.*.yml reference .NET 6?

Describe the bug

I am struggling to get Docker to work.

  • Windows 10
  • Docker
  • WSL2
  • Ubuntu
  • Visual Studio 2022
  • .NET 6
  • Skoruba.Duende.IdentityServer.Admin.Templates::1.1.0

com.microsoft.visualstudio.debuggee.arguments: ' --additionalProbingPath /root/.nuget/packages --additionalProbingPath /root/.nuget/fallbackpackages "bin/Debug/net5.0/SkorubaDuende.IdentityServerAdmin.Admin.dll" /seed'

To Reproduce

Steps to reproduce the behavior:

  • dotnet new skoruba.duende.isadmin --name MySkApp --title "MySkApp" --adminemail "[email protected]" --adminpassword "Pa$$word123" --adminrole Admin --adminclientid SkorubaAdminClient --adminclientsecret SkorubaAdminClientSecret --dockersupport true
  • Edit hosts file on windows, add 127.0.0.1 skoruba.local sts.skoruba.local admin.skoruba.local admin-api.skoruba.local
  • Open powershell:
    • cd shared/nginx/certs; mkcert --install; copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.pem; copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crt;
  • Open solution in VS 2022, click the play button, it should say "Docker Compose"

Relevant parts of the log file


OpenLDAP integration

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

On-Prem Active Directory integration.

Describe alternatives you've considered
Not many alternatives right now, other than to go with raw Identity Server.

Additional context
Add any other context or screenshots about the feature request here.

(mkcert) SSL Trust issues running in IIS locally

Question

I'm running into a strange issue with SSL certs not being trusted when running in IIS from the Admin and Admin API applications. I'm using locally generated certificates from mkcert which are fully trusted by my browser. I have the root certificate installed and things seem fine when examining from the browser side. However, when I attempt to hit the Admin site, I get exceptions and errors because of SSL connection issues with the security token service.

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

Checking the health checks returns Unhealthy as a result: https://admin.identity.development.com/health

{"status":"Unhealthy","totalDuration":"00:00:00.1316345","entries":{"ConfigurationDbContext":{"data":{},"duration":"00:00:00.0351978","status":"Healthy","tags":[]},"PersistedGrantsDbContext":{"data":{},"duration":"00:00:00.0349855","status":"Healthy","tags":[]},"IdentityDbContext":{"data":{},"duration":"00:00:00.0350268","status":"Healthy","tags":[]},"LogDbContext":{"data":{},"duration":"00:00:00.0352917","status":"Healthy","tags":[]},"AuditLogDbContext":{"data":{},"duration":"00:00:00.0351420","status":"Healthy","tags":[]},"DataProtectionDbContext":{"data":{},"duration":"00:00:00.0352220","status":"Healthy","tags":[]},"Identity Server":{"data":{},"description":"The SSL connection could not be established, see inner exception.","duration":"00:00:00.0749101","exception":"The SSL connection could not be established, see inner exception.","status":"Unhealthy","tags":[]},"ConfigurationDb":{"data":{},"duration":"00:00:00.0199259","status":"Healthy","tags":[]},"PersistentGrantsDb":{"data":{},"duration":"00:00:00.0199690","status":"Healthy","tags":[]},"IdentityDb":{"data":{},"duration":"00:00:00.0199584","status":"Healthy","tags":[]},"LogDb":{"data":{},"duration":"00:00:00.0199091","status":"Healthy","tags":[]},"AuditLogDb":{"data":{},"duration":"00:00:00.0144659","status":"Healthy","tags":[]},"DataProtectionDb":{"data":{},"duration":"00:00:00.0144428","status":"Healthy","tags":[]}}}

I tried to regenerate the certificate multiple times, including multiple machine restarts but nothing seems to resolve that issue and I'm not sure what to try next. I created a small application to use HttpClient to see if I can fetch the openid-configuration document manually and that works fine without any SSL errors.

Oddly it also works fine if I run the Admin client in IIS Express (from within Visual Studio) https://localhost:44303/health

{"status":"Healthy","totalDuration":"00:00:00.1320430","entries":{"ConfigurationDbContext":{"data":{},"duration":"00:00:00.0372028","status":"Healthy","tags":[]},"PersistedGrantsDbContext":{"data":{},"duration":"00:00:00.0372451","status":"Healthy","tags":[]},"IdentityDbContext":{"data":{},"duration":"00:00:00.0438421","status":"Healthy","tags":[]},"LogDbContext":{"data":{},"duration":"00:00:00.0373719","status":"Healthy","tags":[]},"AuditLogDbContext":{"data":{},"duration":"00:00:00.0309596","status":"Healthy","tags":[]},"DataProtectionDbContext":{"data":{},"duration":"00:00:00.0394936","status":"Healthy","tags":[]},"Identity Server":{"data":{},"duration":"00:00:00.0820682","status":"Healthy","tags":[]},"ConfigurationDb":{"data":{},"duration":"00:00:00.0285621","status":"Healthy","tags":[]},"PersistentGrantsDb":{"data":{},"duration":"00:00:00.0340030","status":"Healthy","tags":[]},"IdentityDb":{"data":{},"duration":"00:00:00.0256599","status":"Healthy","tags":[]},"LogDb":{"data":{},"duration":"00:00:00.0094582","status":"Healthy","tags":[]},"AuditLogDb":{"data":{},"duration":"00:00:00.0095660","status":"Healthy","tags":[]},"DataProtectionDb":{"data":{},"duration":"00:00:00.0039096","status":"Healthy","tags":[]}}}

I'm not sure why it would operate any differently when hitting the discovery document from IIS vs IIS Express or just a regular HttpClient. Is this something that you've run into before? I'm not sure where to go next and hoping this is just some configuration issue that I may have missed.

Let me know what you think. Appreciate any suggestions you may have.

Thanks!
-Rondel

Relevant parts of the log file

2022-02-23 07:52:38.342 -05:00 [INF] Executing endpoint 'Health checks'
2022-02-23 07:52:38.343 -05:00 [INF] Start processing HTTP request GET "https://identity.development.com/.well-known/openid-configuration"
2022-02-23 07:52:38.343 -05:00 [INF] Sending HTTP request GET "https://identity.development.com/.well-known/openid-configuration"
...
2022-02-23 07:52:38.351 -05:00 [ERR] Health check Identity Server with status "Unhealthy" completed after 8.6405ms with message 'null'
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at HealthChecks.IdSvr.IdSvrHealthCheck.CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken)
2022-02-23 07:52:38.354 -05:00 [INF] Executed DbCommand (1ms) [Parameters=[], CommandType='"Text"', CommandTimeout='30']
SELECT 1
2022-02-23 07:52:38.356 -05:00 [INF] Executed endpoint 'Health checks'
2022-02-23 07:52:38.357 -05:00 [INF] Request finished HTTP/2 GET https://admin.identity.development.com/health - - - 503 - application/json 14.9348ms

Refactor dependency to Azure Key Vault

Question

Shouldn't the dependency to Azure Key Vault for data protection be refactored as such, so that a "provider" loads the required keys for data protection - no matter where they are loaded from? Because such keys can also be provided by other means. Especially in an on-premise or even air-gapped scenario, Azure Key Vault is not accessible.

Authorization error in API

Describe the bug

I'm using Docker on Linux
I try to use Swagger to call the endpoints of the API, but I always get this error:

[INFO][13][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed. "These requirements were not met:\nHandler assertion should evaluate to true."
[INFO][13][Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler] AuthenticationScheme: "Identity.Application" was challenged.

I also get the same error using the images from Docker Hub (tag: preview3)
I tried to change the authorization policy (debugging), it seems that the authenticated user doesn't have claims:

public static void AddAuthorizationPolicies(this IServiceCollection services)
{
    var adminApiConfiguration = services.BuildServiceProvider().GetService<AdminApiConfiguration>();
    services.AddAuthorization(options =>
    {
        options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
            policy =>
                policy.RequireAssertion(context => context.User.HasClaim(c =>
                        (c.Type == JwtClaimTypes.Role && c.Value == adminApiConfiguration.AdministrationRole) ||
                        (c.Type == $"client_{JwtClaimTypes.Role}" && c.Value == adminApiConfiguration.AdministrationRole)
                    )
                ));
    });
}

To Reproduce

Steps to reproduce the behavior:

  1. git clone
  2. Delete the volumes in docker-compose.override.yml
  3. docker-compose build, docker-compose up
  4. Go to Swagger, login and

I also made some changes in URLs (use xip.io instead of skoruba.local, HTTP instead of HTTPS, no certificates), but the same changes work in "IdentityServer4.Admin" project. I don't think these changes are problems.

How to add profile service correctly (.AddIdentityServer(...).AddProfileService(...)) ?

If I add a service profile, then there is no access to IdentityServer.Admin.


It doesn't matter what the class does, the very fact of adding this class breaks something.

public class ProfileService<TUser> : IProfileService
    where TUser : UserIdentity
{
    private readonly UserManager<TUser> _userManager;

    public ProfileService(UserManager<TUser> userManager)
    {
        _userManager = userManager;
    }

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        //var user = await _userManager.GetUserAsync(context.Subject);
        //if (user is null)
        //   return;

        //var rolesUser = await _userManager.GetRolesAsync(user).ConfigureAwait(false);
        //string roles = String.Join(",", rolesUser);

        //var claims = new List<Claim>();
        //claims.Add(new Claim("custRoles", roles));

        //context.IssuedClaims.AddRange(claims);
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _userManager.GetUserAsync(context.Subject);
        context.IsActive = user != null;
    }
}

And when I try to login, I get:

Issue to deploy to Azure

Question

I got an error when I tried to deploy to Azure.

Relevant parts of the log file

  C:\Users\hdu\.nuget\packages\microsoft.visualstudio.azure.containers.tools.targets\1.14.0\build\Container.targets(149,5): Error CTC1000: Method not found: 'Void Microsoft.VisualStudio.Containers.Tools.Shared.Functions.AzureFunctionsFeedDataProvider..ctor(Microsoft.VisualStudio.Containers.Tools.Common.Services.Logging.ILoggingService)'.
C:\Users\hdu\.nuget\packages\microsoft.visualstudio.azure.containers.tools.targets\1.14.0\build\Container.targets(149,5): Error MSB4018: The "KillAppInsideContainer" task failed unexpectedly.

Is this Admin compatible with Duende's Backend for Frontend (BFF)?

Question

I've read that Duende's Backend for Frontend (BFF) is a more secure way to authorize your clients, but we've already built some functionality around the Skoruba IdentityServer.Admin.

Is Duende.IdentityServer.Admin compatible with Duende's BFF, or would it require major modifications in order for that to work?

Or perhaps Duende.IdentityServer.Admin might still require Code Flow + PKCE, but the configured clients could use BFF?

Thanks.

License not applied

Question

It seems that a valid license key is ignored.

"AdvancedConfiguration": {
    "IssuerUri": "",
    "IdentityServerLicenseKey": "eyJhbG.........................."
},

(Other options are off)

"CertificateConfiguration": {

    "UseSigningCertificatePfxFile": true,
    "SigningCertificatePfxFilePath": "./mycerttttttttttttttttttt.pfx",
    "SigningCertificatePfxFilePassword": "***********",

Relevant parts of the log file

PROBLEM

Disable the delete account button and edit profile

Is your feature request related to a problem? Please describe.
It's not possible to disable the delete account button or disable fields like email in the /Manage page. On a private SSO, we may want to disable this user feature and only manage the user profile on the admin client or the admin API.

Describe the solution you'd like
Add configuration in the SSO that disabled the delete button and edit profile.

Describe alternatives you've considered

Additional context

License model

Question

Can Admin UI work well together with a duende license?

Relevant parts of the log file

[13:01:16 ERR] Request validation failed
[13:06:03 ERR] Your license for Duende IdentityServer only permits 1 number of issuers. You have processed requests for 2.

Change UI to use Razor Pages

It seems that it would be good to replace MVC with Razor Pages - especially that Razor Pages will be better if somebody will want to replace some view/action in the package - Skoruba.Duende.IdentityServer.Admin.UI which is built as Razor Class Library.

Feedback is always welcome. 🙂

Thanks 👍

Features

Question

Is the repo still being maintained with the latest Duende Identity Server?

Revision of DTOs for IS configuration

Some UI views require DTOs which contain a list of items and an item for creation/update in one single DTO - I would like to refactor these types of DTOs and make them cleaner and reusable.

Where do user roles get stored in a token?

I have got this working under Visual Studio and it all works really well and I can use the admin account to open up the admin UI correctly. However, when I run it under docker, it fails to access the admin UI with the admin account with a violation of the AuthorizationPolicy saying the user is not in the Administrator role.

If I open the database, I can see that there is a user called Admin created, an entry in the UserRole table which joins with the Roles table where I can see the role entitled Administrator which matches the config setting.

Therefore, I am struggling to work out why the admin user is not able to access the admin UI. I have tried commenting out all of the Authorize statements on the controllers to see if there was another problem and it works, so it is definitely related to the Role claim.

Is there a way of seeing that the Role claim is getting added to the token correctly and that is being passed correctly into the Admin UI tool?

Many thanks
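One way to see which role claims a token carries and whether they would satisfy the AdministrationPolicy predicate quoted in the "Authorization error in API" issue on this page (an added example, not code from the project or from either poster). The function names, the sample tokens and the role name "Administrator" are constructed for illustration; paste in a token captured from your own test environment instead.

```python
import base64
import json

ROLE = "role"                # value of JwtClaimTypes.Role
CLIENT_ROLE = "client_role"  # $"client_{JwtClaimTypes.Role}" from the policy
# Long-form type of System.Security.Claims.ClaimTypes.Role; the policy does not look at it.
LONG_ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"


def _b64url(segment):
    """Decode base64url, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token):
    """Return the claims of a compact JWT. The signature is NOT verified:
    this is a troubleshooting aid, never an authorization decision."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        payload = json.loads(_b64url(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def claim_values(payload, claim_type):
    """A claim issued several times is serialized as a JSON array; flatten both shapes."""
    value = payload.get(claim_type)
    if value is None:
        return []
    return [str(v) for v in value] if isinstance(value, list) else [str(value)]


def check_administration_policy(token, administration_role):
    """Evaluate the same predicate as the policy: a `role` or `client_role`
    claim whose value equals the configured AdministrationRole exactly."""
    payload = decode_payload(token)
    found = [(t, v) for t in (ROLE, CLIENT_ROLE) for v in claim_values(payload, t)]
    matched = [(t, v) for t, v in found if v == administration_role]  # ordinal, like C# ==
    hints = []
    if not matched:
        if any(v.lower() == administration_role.lower() for _, v in found):
            hints.append("role value differs only by case")
        if administration_role in claim_values(payload, LONG_ROLE):
            hints.append("role is issued under the long ClaimTypes.Role URI")
        if not found:
            hints.append("token carries no role or client_role claim")
    return {"allowed": bool(matched), "matched": matched, "found": found, "hints": hints}


def make_sample_token(claims):
    """Build a constructed token for the demo; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"


if __name__ == "__main__":
    samples = {
        "role as array": {"sub": "1", "role": ["Administrator", "User"]},
        "wrong case": {"sub": "1", "role": "administrator"},
        "no role claim": {"sub": "1", "name": "admin"},
    }
    for label, claims in samples.items():
        result = check_administration_policy(make_sample_token(claims), "Administrator")
        print(label, "->", result["allowed"], result["hints"])
```
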

Why is logout prompt shown?

Question

Relevant parts of the log file

My oidc-client (js) correctly passes arguments so the Identity Server should conclude: "This user was logged in by me".
This is done using the id_token_hint

const id_token = this.getToken().id_token;
// needed to have a valid logout url
this.UserManager.signoutRedirect({
    id_token_hint: id_token
});

However, the code below (Duende) concludes the user is not authenticated, so I get the following prompt, instead of continuing to sign out and redirect.

it says
Logout you have been logged of Click here to return to ....

It seems that Identity Server (Duende) invalidly tests for the user being authenticated while the user already was logged out.

Please advise.

 private async Task<LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
        {
            var vm = new LogoutViewModel { LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt };

            if (User?.Identity.IsAuthenticated != true)
            {
                // if the user is not authenticated, then just show logged out page
                vm.ShowLogoutPrompt = false;
                return vm;
            }

(token shortened)
  https://auth.myids4.info/connect/endsession?id_token_hint=ey....................n4G4MDr4ewHvDf3fy3rlht0WtSfzrn_rO5kSCCXX9tzyb2r3823QUoGr7HfHLGSKKsvPhFqcicdt7M97qx5q3TAODmgbs97xBsKTqFpsvtlHaQbIw&post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A44335%2Flogout%2Fcallback

This will respond with a 302.
https://auth.myids4.info/Account/Logout?logoutId=CfDJ8NcZGotkOIZBt5lTQsLfJpgPzVjvsq5FkOtL9RSqPeVTrsZRWWiLqAfg-9kF3n7yxjmGQt1Gxt2ciWbt2FEj0Kl9Vd2HpL0-xB-dsx1iQR0l77vDSdBcd4pdR89zHaJSqqizokK1C1-nPKB9-WThRcD4sImQw-MiU4qstSyJmrtTLUyQ8JPqQVEasXhEbgKUJdAblCAhICS-pAod6ESq2Jq35h_N4kxVOsqxvNhgSee3Lj9YUF_NsB96G9OMo3WWtFqLqmgtRfJgbNiRrf4plcddtNu0Hi25IQYByVzmE2ZsmZ4Gjv35bKM8LYVmQczSBr9mft723akkF-63D0hLYswwl1_eepypr-cIYSqWAfOV8usyWWYWM3GRwbc8JKoSYgeXrqoPyJNvBZgUW2wjTuaVajYg4th0VtgF-XjOiAuRVMnPuv_JsuwfbZHNYGFturz54q4_1GF974P0Ena4piUUpmB_VsFF8C0GGdifBgi7
BUG: 
I think the code which tests for IsAuthenticated  is always false, since endSession already did the job.

Cartesian product produced by opening a client in Admin UI

Describe the bug

Opening a client with +300 CORS origins and redirect URIs causes a 504 on our gateway because the call takes too long.
We had a similar problem with our old IdentityServer4 v3.14 version. The cause was a cartesian product on a client that had includes on ClientCorsOrigins, ClientRedirectUris and ClientPostLogoutRedirectUris. After a certain amount of entries a performance degradation was detected.

The likely cause is the query in this method:

To Reproduce

Steps to reproduce the behavior:

  1. Add +300 entries to the ClientCorsOrigins, ClientRedirectUris and ClientPostLogoutRedirectUris for a single client
  2. Open Admin UI -> Clients ->
  3. The browser keeps loading and waiting for the data (our gateway throws a 504 after a certain amount of time has passed)

Possible solution

Add .AsSplitQuery() to the query to fix the problem. This stops it from creating a cartesian product.
See: https://docs.microsoft.com/en-us/ef/core/querying/single-split-queries
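The row growth described in this report, reproduced against SQLite from Python's standard library so it runs without a .NET project (an added example, not the project's query or EF Core's generated SQL). The column names, the sample URLs and the function names are assumptions; only the three child table names come from the report.

```python
import sqlite3

# Simplified, assumed schema: one client plus the three child tables named in the report.
SCHEMA = """
CREATE TABLE Clients (Id INTEGER PRIMARY KEY, ClientId TEXT);
CREATE TABLE ClientCorsOrigins (Id INTEGER PRIMARY KEY, ClientId INTEGER, Origin TEXT);
CREATE TABLE ClientRedirectUris (Id INTEGER PRIMARY KEY, ClientId INTEGER, RedirectUri TEXT);
CREATE TABLE ClientPostLogoutRedirectUris (
    Id INTEGER PRIMARY KEY, ClientId INTEGER, PostLogoutRedirectUri TEXT);
"""

CHILDREN = [
    ("ClientCorsOrigins", "Origin"),
    ("ClientRedirectUris", "RedirectUri"),
    ("ClientPostLogoutRedirectUris", "PostLogoutRedirectUri"),
]


def build_db(counts):
    """In-memory database with one client and counts[i] rows in each child table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO Clients (Id, ClientId) VALUES (1, 'constructed-client')")
    for (table, column), n in zip(CHILDREN, counts):
        conn.executemany(
            f"INSERT INTO {table} (ClientId, {column}) VALUES (1, ?)",
            [(f"https://app{i}.example.test",) for i in range(n)],
        )
    return conn


def load_single_query(conn, client_id=1):
    """One statement joining all three collections: every combination is a row."""
    rows = conn.execute(
        """SELECT o.Origin, r.RedirectUri, p.PostLogoutRedirectUri
           FROM Clients c
           LEFT JOIN ClientCorsOrigins o ON o.ClientId = c.Id
           LEFT JOIN ClientRedirectUris r ON r.ClientId = c.Id
           LEFT JOIN ClientPostLogoutRedirectUris p ON p.ClientId = c.Id
           WHERE c.Id = ?""",
        (client_id,),
    ).fetchall()
    collections = [set(), set(), set()]
    for row in rows:  # de-duplicate the repeated values back into three collections
        for values, value in zip(collections, row):
            if value is not None:
                values.add(value)
    return len(rows), collections


def load_split_queries(conn, client_id=1):
    """One statement per collection, the shape a split query produces."""
    transferred = len(
        conn.execute("SELECT Id FROM Clients WHERE Id = ?", (client_id,)).fetchall())
    collections = []
    for table, column in CHILDREN:
        rows = conn.execute(
            f"SELECT {column} FROM {table} WHERE ClientId = ?", (client_id,)).fetchall()
        transferred += len(rows)
        collections.append({r[0] for r in rows})
    return transferred, collections


def predicted_rows(counts):
    """(single-query rows, split-query rows); an empty collection still yields
    one NULL row through the LEFT JOIN, hence max(n, 1)."""
    single = 1
    for n in counts:
        single *= max(n, 1)
    return single, 1 + sum(counts)


if __name__ == "__main__":
    db = build_db((30, 30, 30))
    print("measured, 30 entries each:", load_single_query(db)[0], "vs", load_split_queries(db)[0])
    print("predicted, 300 entries each:", predicted_rows((300, 300, 300)))
```

Split queries are separate round trips, and the linked EF Core documentation notes that they give no consistency guarantee between the individual reads unless they run inside a suitable transaction.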

Why automatic key management is disabled?

Question

Is there any reason why you disabled the automatic key management in StartupHelper class in STS project?
Here is the line:

I'm asking because I've just read an article on the blog of Duende Software about automatic key management feature they've added. https://blog.duendesoftware.com/posts/20201028_key_management/

Admin project styles don't work with other from Development environment variable

Hello there. I was trying to run an admin project with my "Local" ASPNETCORE_ENVIRONMENT, but I discovered, that styles don't work on this environment and after I changed it back to development, then it started working.

Steps to reproduce: Change ASPNETCORE_ENVIRONMENT to something else ("Local" for example) and run the project. Styles should be missed.


Unable to start admin

Hello, I am not able to start the Admin project.

Swagger and STS work flawlessly, but when I start Admin in IIS Express this is the result.

What am I doing wrong?

Thank you

[mysql 5.7 && 8.0] Specified key was too long; max key length is 1000 bytes

NET5 MySql 5.7 Win10 64bit

Describe the bug

Specified key was too long; max key length is 1000 bytes

To Reproduce

Clone this repo, latest code.
After modifying appsettings.json and then running Skoruba.Duende.IdentityServer.Admin,
the log looks like below.
I also tried using MySQL 8.0, with the same result.
I also read issues about this problem #skoruba/IdentityServer4.Admin#817 #skoruba/IdentityServer4.Admin#256
but it did not work.
Thanks

Relevant parts of the log file

2022-01-05 23:40:06.687 +08:00 [ERR] Failed executing DbCommand (7ms) [Parameters=[], CommandType='"Text"', CommandTimeout='30']
CREATE INDEX `IX_PersistedGrants_SubjectId_ClientId_Type` ON `PersistedGrants` (`SubjectId`, `ClientId`, `Type`);
2022-01-05 23:40:06.875 +08:00 [FTL] Host terminated unexpectedly
MySqlConnector.MySqlException (0x80004005): Specified key was too long; max key length is 1000 bytes
   at MySqlConnector.Core.ServerSession.ReceiveReplyAsyncAwaited(ValueTask`1 task) in /_/src/MySqlConnector/Core/ServerSession.cs:line 888
   at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 50
   at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 135
   at MySqlConnector.MySqlDataReader.CreateAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 444
   at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(IReadOnlyList`1 commands, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 60
   at MySqlConnector.MySqlCommand.ExecuteNonQueryAsync(IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 271
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQueryAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQueryAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteNonQueryAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQueryAsync(IEnumerable`1 migrationCommands, IRelationalConnection connection, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQueryAsync(IEnumerable`1 migrationCommands, IRelationalConnection connection, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQueryAsync(IEnumerable`1 migrationCommands, IRelationalConnection connection, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Migrations.Internal.MigrationCommandExecutor.ExecuteNonQueryAsync(IEnumerable`1 migrationCommands, IRelationalConnection connection, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Migrations.Internal.Migrator.MigrateAsync(String targetMigration, CancellationToken cancellationToken)
   at Skoruba.Duende.IdentityServer.Admin.EntityFramework.Shared.Helpers.DbMigrationHelpers.EnsureDatabasesMigratedAsync[TIdentityDbContext,TConfigurationDbContext,TPersistedGrantDbContext,TLogDbContext,TAuditLogDbContext,TDataProtectionDbContext](IServiceProvider services) in E:\id4\Duende.IdentityServer.Admin\src\Skoruba.Duende.IdentityServer.Admin.EntityFramework.Shared\Helpers\DbMigrationHelpers.cs:line 75
   at Skoruba.Duende.IdentityServer.Admin.EntityFramework.Shared.Helpers.DbMigrationHelpers.ApplyDbMigrationsWithDataSeedAsync[TIdentityServerDbContext,TIdentityDbContext,TPersistedGrantDbContext,TLogDbContext,TAuditLogDbContext,TDataProtectionDbContext,TUser,TRole](IHost host, Boolean applyDbMigrationWithDataSeedFromProgramArguments, SeedConfiguration seedConfiguration, DatabaseMigrationsConfiguration databaseMigrationsConfiguration) in E:\id4\Duende.IdentityServer.Admin\src\Skoruba.Duende.IdentityServer.Admin.EntityFramework.Shared\Helpers\DbMigrationHelpers.cs:line 52
   at Skoruba.Duende.IdentityServer.Admin.Program.ApplyDbMigrationsWithDataSeedAsync(String[] args, IConfiguration configuration, IHost host) in E:\id4\Duende.IdentityServer.Admin\src\Skoruba.Duende.IdentityServer.Admin\Program.cs:line 61
   at Skoruba.Duende.IdentityServer.Admin.Program.Main(String[] args) in E:\id4\Duende.IdentityServer.Admin\src\Skoruba.Duende.IdentityServer.Admin\Program.cs:line 38

Question regarding architecture and how IdentityServer is used

Hi, from the docs it's not clear for me how the architecture/project setup is intended to work. I see there are three services which need to be exposed, which are:

  • Admin
  • AdminAPI
  • STS

Is STS intended to communicate (or in other words, to aggregate) the IdentityServer? This would mean that the IdentityServer needs to be hosted as an additional service to the above three? Or is STS wrapping IdentityServer and "is" an instance of it - so no additional IdentityServer is needed?

How to login as admin?

First of all, I don't see a parameter for the admin user name when setting up a new project. What is the username associated with the adminpassword parameter? I mean adminpassword is the password for what user?

I had to read more and found out that the username is in the identitydata.json file. So the admin user is 'admin'.

When I try to log in using those credentials, it seems I am logged in as a regular user instead of as an admin. How do I get the UI to show all the admin options? I left the role as 'MyRole'. Do I need to change it?

create new user from api

I have a SPA application. I want to sign up and create a new user with the API.
How can I create a new user with the API?

I don't want to use the admin UI and I don't want to redirect the user to another page for signup.

Release

Question

How far from the release is preview 5?
How could we upgrade from the preview versions to the release versions?

P.S. We would like to start using Duende IS and Admin UI but we had a bad experience with IS v4 Admin UI pre-release versions before. We have started with the pre-release version and then the whole DB schema has changed and we missed the upgrade in between.

Cannot start Duende server in visual Studio with MySql

Describe the bug

I always get the error Table 'skoruba-auth-server-duende.DataProtectionKeys' doesn't exist when trying to start the solution.

To Reproduce

  • create project secrets.json of projects Admin, Admin.Api and STS.Identity
  • configure to use MySql and set connection string (with empty db in MySql)
  • set multiple startup projects in solution (Admin, Admin.Api, STS.Identity)
  • run solution with Kestrel, not IIS

the same happens when attempting to first run STS.Identity, Admin.Api and Admin (in that order) via dotnet run

Relevant parts of the log file

2022-02-20 11:26:19.454 +01:00 [ERR] Failed executing DbCommand (36ms) [Parameters=[], CommandType='"Text"', CommandTimeout='30']
SELECT `d`.`Id`, `d`.`FriendlyName`, `d`.`Xml`
FROM `DataProtectionKeys` AS `d`
2022-02-20 11:26:19.528 +01:00 [ERR] An exception occurred while iterating over the results of a query for context type 'Skoruba.Duende.IdentityServer.Admin.EntityFramework.Shared.DbContexts.IdentityServerDataProtectionDbContext'.
MySqlConnector.MySqlException (0x80004005): Table 'skoruba-auth-server-duende.DataProtectionKeys' doesn't exist
   at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 44
   at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 127
   at MySqlConnector.MySqlDataReader.CreateAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 456
   at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(IReadOnlyList`1 commands, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
   at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 330
   at MySqlConnector.MySqlCommand.ExecuteDbDataReader(CommandBehavior behavior) in /_/src/MySqlConnector/MySqlCommand.cs:line 272
   at System.Data.Common.DbCommand.ExecuteReader()
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReader(RelationalCommandParameterObject parameterObject)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.InitializeReader(Enumerator enumerator)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.<>c.<MoveNext>b__19_0(DbContext _, Enumerator enumerator)
   at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.Execute[TState,TResult](TState state, Func`3 operation, Func`3 verifySucceeded)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.MoveNext()
MySqlConnector.MySqlException (0x80004005): Table 'skoruba-auth-server-duende.DataProtectionKeys' doesn't exist
   at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 44
   at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 127
   at MySqlConnector.MySqlDataReader.CreateAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 456
   at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(IReadOnlyList`1 commands, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
   at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 330
   at MySqlConnector.MySqlCommand.ExecuteDbDataReader(CommandBehavior behavior) in /_/src/MySqlConnector/MySqlCommand.cs:line 272
   at System.Data.Common.DbCommand.ExecuteReader()
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReader(RelationalCommandParameterObject parameterObject)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.InitializeReader(Enumerator enumerator)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.<>c.<MoveNext>b__19_0(DbContext _, Enumerator enumerator)
   at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.Execute[TState,TResult](TState state, Func`3 operation, Func`3 verifySucceeded)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.MoveNext()
2022-02-20 11:26:19.535 +01:00 [ERR] An error occurred while reading the key ring.
MySqlConnector.MySqlException (0x80004005): Table 'skoruba-auth-server-duende.DataProtectionKeys' doesn't exist
   at MySqlConnector.Core.ResultSet.ReadResultSetHeaderAsync(IOBehavior ioBehavior) in /_/src/MySqlConnector/Core/ResultSet.cs:line 44
   at MySqlConnector.MySqlDataReader.ActivateResultSet(CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 127
   at MySqlConnector.MySqlDataReader.CreateAsync(CommandListPosition commandListPosition, ICommandPayloadCreator payloadCreator, IDictionary`2 cachedProcedures, IMySqlCommand command, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlDataReader.cs:line 456
   at MySqlConnector.Core.CommandExecutor.ExecuteReaderAsync(IReadOnlyList`1 commands, ICommandPayloadCreator payloadCreator, CommandBehavior behavior, Activity activity, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/Core/CommandExecutor.cs:line 56
   at MySqlConnector.MySqlCommand.ExecuteReaderAsync(CommandBehavior behavior, IOBehavior ioBehavior, CancellationToken cancellationToken) in /_/src/MySqlConnector/MySqlCommand.cs:line 330
   at MySqlConnector.MySqlCommand.ExecuteDbDataReader(CommandBehavior behavior) in /_/src/MySqlConnector/MySqlCommand.cs:line 272
   at System.Data.Common.DbCommand.ExecuteReader()
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReader(RelationalCommandParameterObject parameterObject)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.InitializeReader(Enumerator enumerator)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.<>c.<MoveNext>b__19_0(DbContext _, Enumerator enumerator)
   at Pomelo.EntityFrameworkCore.MySql.Storage.Internal.MySqlExecutionStrategy.Execute[TState,TResult](TState state, Func`3 operation, Func`3 verifySucceeded)
   at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.Enumerator.MoveNext()
   at Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.EntityFrameworkCoreXmlRepository`1.<GetAllElements>g__GetAllElementsCore|3_0()+MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.EntityFrameworkCoreXmlRepository`1.GetAllElements()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow, Boolean forceRefresh)
