IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0

MutualTLS Error - InvalidOperation Exception: No authentication handler is registered for the scheme 'Certificate'. #5399

Closed DasNaughtie closed 2 years ago

DasNaughtie commented 2 years ago

Morning Guys,

Hope all's good! I'm following your MTLS example on the website and I've completed it and can hit the discovery endpoint. However, when I make a call to RequestClientCredentialsTokenAsync it fails with the above message. From what I can see the scheme is registered in the IdentityServer, so I'm a bit confused as to what's going on.

Any suggestions?

Minimal working example

// This is my IdentityServer StartUp.cs:

public void ConfigureServices(IServiceCollection services)
{
    var builder = services.AddIdentityServer(options =>
    {
        options.MutualTls.Enabled = true;
        options.MutualTls.ClientCertificateAuthenticationScheme = "Certificate";
    })
    .AddDeveloperSigningCredential()
    .AddInMemoryIdentityResources(Config.IdentityResources)
    .AddInMemoryClients(Config.Clients);

    // Registers the secret validators that match the presented client certificate to the client's secrets
    builder.AddMutualTlsSecretValidators();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseDeveloperExceptionPage();
    app.UseIdentityServer();
}

// And this is my Client:

var handler = new SocketsHttpHandler();
var cert = new X509Certificate2("local.cer");
handler.SslOptions.ClientCertificates = new X509CertificateCollection { cert };

var client = new HttpClient(handler);

var disco = await client.GetDiscoveryDocumentAsync("https://localhost:44329");
if (disco.IsError)
{
    Console.WriteLine(disco.Error);
    return;
}

var tokenCredentials = new ClientCredentialsTokenRequest
{
    Address = disco.TryGetValue(OidcConstants.Discovery.MtlsEndpointAliases)
        .TryGetValue(OidcConstants.Discovery.TokenEndpoint)
        .ToString(),
    ClientId = "client",
    Scope = "api1"
};

var tokenResponse = await client.RequestClientCredentialsTokenAsync(tokenCredentials);

if (tokenResponse.IsError)
{
    Console.WriteLine(tokenResponse.Error);
    return;
}

...more code here

Stack Trace

System.InvalidOperationException: No authentication handler is registered for the scheme 'Certificate'. The registered schemes are: idsrv, idsrv.external. Did you forget to call AddAuthentication().Add[SomeAuthHandler]("Certificate",...)?
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at IdentityServer4.Hosting.MutualTlsTokenEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\src\Hosting\MtlsTokenEndpointMiddleware.cs:line

DasNaughtie commented 2 years ago

Any update on this, guys? I've followed the client credentials flow code example on here, followed by adding the MTLS updates as described on your website, and I see this error. I've updated the code as specified in the walkthrough, so I'm at a bit of a loss... the documents don't provide any further insight and checking Google doesn't help either.

At the moment I'm just trying to make sure getting a token actually works. Nowhere in the docs does it specify that I need to add a default authentication handler for Certificate in the Identity Server setup.

What am I missing? Is this error to do with your code or mine? Could really do with some help here.
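For readers landing on this issue: the exception text itself points at the missing piece. `MutualTls.ClientCertificateAuthenticationScheme` only names a scheme; a handler for that name still has to be registered with `AddAuthentication()`, and Kestrel has to ask the client for a certificate during the TLS handshake. The following is an added example (not the reporter's code and not from the IdentityServer4 repository) that assumes the `Microsoft.AspNetCore.Authentication.Certificate` package and reuses the `Config` class from the issue; the relaxed validation settings are development assumptions, not recommended production values.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Register a handler for the "Certificate" scheme: IdentityServer's mTLS token endpoint
        // middleware calls AuthenticateAsync with this scheme name, next to idsrv / idsrv.external.
        services.AddAuthentication()
            .AddCertificate(CertificateAuthenticationDefaults.AuthenticationScheme, options =>
            {
                // Dev settings (assumed): self-signed certs accepted, no revocation check.
                // Production: CertificateTypes.Chained and X509RevocationMode.Online.
                options.AllowedCertificateTypes = CertificateTypes.All;
                options.RevocationMode = X509RevocationMode.NoCheck;
            });

        services.AddIdentityServer(options =>
            {
                options.MutualTls.Enabled = true;
                // CertificateAuthenticationDefaults.AuthenticationScheme is the string "Certificate"
                options.MutualTls.ClientCertificateAuthenticationScheme =
                    CertificateAuthenticationDefaults.AuthenticationScheme;
            })
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(Config.IdentityResources)
            .AddInMemoryClients(Config.Clients)
            // Compares the presented certificate with the client's X509 thumbprint/name secrets
            .AddMutualTlsSecretValidators();
    }
}

// Assumed host setup: Kestrel must request a client certificate during the TLS handshake,
// otherwise the Certificate handler has nothing to authenticate.
public static class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web => web
                .ConfigureKestrel(k => k.ConfigureHttpsDefaults(h =>
                    h.ClientCertificateMode = ClientCertificateMode.AllowCertificate))
                .UseStartup<Startup>())
            .Build().Run();
}
```

On the client side the certificate handed to `SslOptions.ClientCertificates` has to carry its private key (for example a .pfx); a bare .cer cannot complete the TLS client authentication, and the same certificate's thumbprint or subject name must be configured as that client's secret on the IdentityServer side.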

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.