Open mithun-daa opened 10 years ago
Is the cert for that host correct and trusted?
No, it's a self signed cert.
So perhaps the call is failing because you simply don't have the SSL part done right.
It works just fine if I point to the IdSrv from an MVC app. Exception only when I use OWIN.
Check if Katana logging shows more info: https://katanaproject.codeplex.com/wikipage?title=Debugging&referringTitle=Documentation
Not getting any trace info. Maybe it is happening even before all that kicks in?
You may have already resolved this issue, but for future readers, I had the same problem today and it turned out to be my company's proxy server settings, so the issue was that the federationmetadata.xml file was not even being read. Hope this helps.
Good point, @iampez -- see if you can even browse to the federation metadata in your browser.
I can. I have a regular MVC app that works just fine talking to the same IdSrv. Just doesn't work if set up as OWIN/Katana pipeline.

On Nov 8, 2014 8:28 AM, "Brock Allen" wrote:

> Good point, @iampez -- see if you can even browse to the federation metadata in your browser.
@iampez I use token authentication and have the same issue with the company's proxy server. How did you resolve your issue? Is there a way to pass the proxy server as an option? Is it possible to configure it to accept a proxy?
We are also having the same problem starting today. We have all SSL set correctly and the same setting is working for one site and not the other. Any suggestions?
@austinajit if something "all of a sudden" stopped working, then perhaps the signing certificate is past its expiration?
I know I'm a bit late here but if anyone is still experiencing this issue then you can resolve it by providing your own "proxy aware" implementation of the WsFederationAuthenticationOptions.BackchannelHttpHandler.
```csharp
using System.Configuration;
using System.Net;
using System.Net.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
    private static string proxyAddress = ConfigurationManager.AppSettings["ida:ProxyAddress"];
    private static string proxyPort = ConfigurationManager.AppSettings["ida:ProxyPort"];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseWsFederationAuthentication(
            new WsFederationAuthenticationOptions
            {
                Wtrealm = realm,
                MetadataAddress = adfsMetadata,
                // Handler used for the metadata download (the back channel).
                BackchannelHttpHandler = GetProxyAwareHttpMessageHandler()
            });
    }

    private HttpMessageHandler GetProxyAwareHttpMessageHandler()
    {
        // No proxy configured: return null so the middleware uses its default handler.
        if (string.IsNullOrWhiteSpace(proxyAddress) || string.IsNullOrWhiteSpace(proxyPort))
            return null;

        var address = string.Format("{0}:{1}", proxyAddress, proxyPort);

        // Authenticate to the proxy with the credentials of the process identity.
        var proxy = new WebProxy(address, false)
        {
            UseDefaultCredentials = true
        };

        return new HttpClientHandler()
        {
            Proxy = proxy,
            UseDefaultCredentials = true
        };
    }
}
```
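Added example, not part of the comment above or of the IdentityServer/Katana code: since the IdSrv in this thread uses a self-signed certificate, a backchannel handler can go through the proxy and still validate the server by pinning that one certificate instead of switching validation off. The class name, the `ida:IdSrvCertSha256` setting and the `proxyUri` parameter are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedBackchannel
{
    // Hypothetical appSettings key: hex SHA-256 of the IdSrv certificate (DER bytes).
    private static readonly string PinnedSha256 =
        (ConfigurationManager.AppSettings["ida:IdSrvCertSha256"] ?? "").Replace(":", "").Trim();

    // proxyUri may be null or empty when no proxy is needed.
    public static HttpMessageHandler Create(string proxyUri)
    {
        // WebRequestHandler lives in the System.Net.Http.WebRequest assembly.
        var handler = new WebRequestHandler
        {
            ServerCertificateValidationCallback = Validate
        };
        if (!string.IsNullOrWhiteSpace(proxyUri))
        {
            handler.Proxy = new WebProxy(proxyUri, false) { UseDefaultCredentials = true };
        }
        return handler;
    }

    private static bool Validate(object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors)
    {
        // A chain the machine already trusts needs no pin.
        if (errors == SslPolicyErrors.None) return true;
        // Tolerate only an untrusted chain; a host name mismatch or missing certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        if (cert == null || PinnedSha256.Length == 0) return false;

        // Chain errors also cover expiry, so check the validity window explicitly.
        var parsed = new X509Certificate2(cert);
        if (DateTime.Now < parsed.NotBefore || DateTime.Now > parsed.NotAfter) return false;

        using (var sha = SHA256.Create())
        {
            var actual = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Assign the result of `PinnedBackchannel.Create(...)` to `BackchannelHttpHandler` in `WsFederationAuthenticationOptions`; the pin has to be updated whenever the IdSrv certificate is replaced.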
Ah, thanks for the update!
I have an application that uses the Identity Server to authenticate users. This app is built on top of ASP.Net MVC and ASP.Net Web API. Everything works great here.
We started a new project and decided to use the same IdSrv to authenticate users, but this time around we built our project using the new OWIN/Katana pipeline but hosted inside IIS (System.Web). The application is a SPA and has just one Index.html and all of the data is coming from the Web API middleware. I want to force users to be authenticated and, if they are not, redirect them to the IdSrv. This is how my Startup.cs looks:
I followed the following blog post to set up WSFederation here. I have added an `Authorize` attribute over my Web API resource and when I try to reach it I get the following error:
Any ideas? Am I missing something?