IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Hosting IdentityServer on same host as api #90

Closed manjhari closed 8 years ago

manjhari commented 8 years ago

Hi, I am working on a project where we want to have an IdentityServer hosted on IIS with Angular clients and .NET APIs hosted on other application servers. We are using the resource owner flow and want the Angular client to get an access token and then call the API.

To get this in development I am just using postman as my client for now with a locally hosted (Laptop) identityserver and same host for API. I have created an SSL cert using makecert and installed in trusted root certificates authorities. My hostname is XT87A.

I am easily able to use Postman to get the token via https://XT87A/core/connect/token and then use that token (also via postman) to call my API end point. Problem comes from the API, the error it is returning is Response status code does not indicate success: 404 (Not Found). In the stack trace I see it is calling https://XT87A/core/.well-known/openid-configuration which works in postman perfectly well. However it is also calling https://XT87A/core/core/.well-known/jwks. This is not available, however https://XT87A/core/.well-known/jwks works fine. I don't know why it is putting the extra "core" in the url. Just wondering what I have done wrong, is there something I need to do/implement on the identity server side?

My API startup is wired as follows:

```csharp
private void ConfigureIdentityTokenConsumption(IAppBuilder app)
{
    app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = "https://XT87A/core",
        IssuerName = "XT87A",
        ValidationMode = ValidationMode.Local,
        RequiredScopes = new[] { "api" }
    });
}
```

My IdentityServer startup:

```csharp
public static IAppBuilder UseIdentityServer(this IAppBuilder app)
{
    var factory = new IdentityServerServiceFactory();

    // register dependencies
    // Data access
    factory.Register(new Registration<IdentityConfigurationDal>(resolver => new IdentityConfigurationDal(Constants.ClientConstants.ClientConnectionString)));
    factory.Register(new Registration<CalypsoDal>(resolver => new CalypsoDal()));

    // Queries
    factory.Register(new Registration<AuthenticateUserQuery>(resolver => new AuthenticateUserQuery(resolver.Resolve<CalypsoDal>())));
    factory.Register(new Registration<GetUserSessionSettingsQuery>(resolver => new GetUserSessionSettingsQuery(resolver.Resolve<CalypsoDal>())));
    factory.Register(new Registration<GetOAuthClientQuery>(resolver => new GetOAuthClientQuery(resolver.Resolve<IdentityConfigurationDal>())));

    var scopeStore = new ScopeStore();

    factory.UserService = new Registration<IUserService, UserService>();

    factory.ScopeStore = new Registration<IScopeStore>(resolver => scopeStore);

    factory.SecretParsers = new List<Registration<ISecretParser>>
    {
        new Registration<ISecretParser, SecretParser>()
    };

    factory.SecretValidators = new List<Registration<ISecretValidator>>
    {
        new Registration<ISecretValidator, SecretValidator>()
    };

    factory.ClientStore = new Registration<IClientStore, ClientStore>();

    var options = new IdentityServerOptions
    {
        SigningCertificate = Certificate.Load(),
        IssuerUri = "https://XT87A/core",
        Factory = factory,
        PublicOrigin = "https://XT87A/core",
        Endpoints = new EndpointOptions
        {
            // replaced by the introspection endpoint in v2.2
            EnableAccessTokenValidationEndpoint = false
        },

        EventsOptions = new EventsOptions
        {
            RaiseSuccessEvents = true,
            RaiseErrorEvents = true,
            RaiseFailureEvents = true,
            RaiseInformationEvents = true
        }
    };

    // mount IdentityServer under the /core path base
    app.Map("/core", idsrvApp =>
    {
        idsrvApp.UseIdentityServer(options);
    });

    return app;
}
```

Any help would be greatly appreciated.

brockallen commented 8 years ago

`PublicOrigin = "https://XT87A/core"` -- this is why you have the extra "core" in the URLs (you said you weren't sure why).

Change it to: `PublicOrigin = "https://XT87A"` (especially since your prior value was not an origin).
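
To make the maintainer's point checkable, here is an added example (not code from the issue or from IdentityServer3) that models how a PublicOrigin carrying a path gets combined with the app.Map("/core") path base, validates a PublicOrigin value, and scans a discovery document for the doubled segment. The composition rule in base_url is an assumption inferred from the reply above, and the discovery document is constructed to mirror the reported symptom.

```python
from urllib.parse import urlsplit

def base_url(public_origin: str, path_base: str) -> str:
    """Assumed model of the advertised base address: the mapped path base
    ("/core" from app.Map) is appended to PublicOrigin, so an origin that
    already carries "/core" yields ".../core/core"."""
    return public_origin.rstrip("/") + "/" + path_base.strip("/")

def discovery_urls(public_origin: str, path_base: str) -> dict:
    """Endpoint URLs the discovery document would advertise for this config."""
    base = base_url(public_origin, path_base)
    return {
        "token_endpoint": base + "/connect/token",
        "jwks_uri": base + "/.well-known/jwks",
    }

def check_public_origin(public_origin: str) -> list:
    """Return problems with PublicOrigin; an origin is scheme://host[:port] only."""
    u = urlsplit(public_origin)
    problems = []
    if u.scheme != "https":
        problems.append("scheme is not https")
    if u.path not in ("", "/"):
        problems.append(f"contains a path {u.path!r}")
    if u.query or u.fragment:
        problems.append("contains a query or fragment")
    return problems

def find_doubled_segments(discovery: dict, authority: str) -> dict:
    """Flag discovery entries whose path repeats the authority's path segment."""
    auth_path = urlsplit(authority).path.strip("/")
    bad = {}
    for key, value in discovery.items():
        if auth_path and isinstance(value, str) and "://" in value:
            segments = [s for s in urlsplit(value).path.split("/") if s]
            if segments[:2] == [auth_path, auth_path]:
                bad[key] = value
    return bad

# Constructed discovery document mirroring the symptom reported in the issue.
BROKEN_DISCOVERY = {
    "issuer": "https://XT87A/core",
    "token_endpoint": "https://XT87A/core/core/connect/token",
    "jwks_uri": "https://XT87A/core/core/.well-known/jwks",
}
```

Running find_doubled_segments against a live discovery document (Authority + "/.well-known/openid-configuration") is a quick way to catch this misconfiguration before the token middleware starts failing with 404s.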

manjhari commented 8 years ago

Thanks, I figured it had to be something in the url formats somewhere.