Closed TomPallister closed 7 years ago
@TomPallister
I don't know if I understand the scenario well, but I don't think this needs to be a new feature. In my opinion you only need to create a self-signed certificate (with IIS, for example) and use it in your IdentityServer configuration like:
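```csharp
// In the service registration: sign tokens with the shared certificate.
service.AddIdentityServer()
    .AddSigningCredential(GetMySelfSignedCertificate(environment));

// Loads the .pfx (certificate plus private key) from the content root.
private X509Certificate2 GetMySelfSignedCertificate(IHostingEnvironment environment)
{
    var cert = Path.Combine(environment.ContentRootPath, "pathWhereCertificateIsLocated/myCertName.pfx");
    var cert_password = "myCertPassword"; // placeholder password for the .pfx file
    return new X509Certificate2(cert, cert_password);
}
```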
In this way, both Ocelots will sign tokens with the same key and both can check the tokens regardless of which gateway generated the token.
But I don't know if I'm missing something about your scenario. And sorry for my ignorance, what is the Ocelot administration area and what can I do with it?
Thanks.
@juancash in Ocelot there is an API that allows you to configure Ocelot while it is running. This is the part of the system I'm talking about. I think the change is pretty easy and basically what you suggested :)
https://github.com/TomPallister/Ocelot/wiki/Administration
I need to add documentation around calling the administration api.
I just need to do the change, make sure all the tests work with it, document it etc.
Note this only relates to the ocelot administration area.
Given ocelot a and ocelot b running in separate processes
And you get a token from ocelot a
When you try and use the token on ocelot b to get ocelot configuration
Then your request is not unauthenticated
At the moment we just do..
This means a token from one ocelot cannot be used on another.
I would write an acceptance test where you get a token from ocelot a and then use it on ocelot b, let that fail and then start implementing the feature.
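The scenario discussed in this thread, as an added example that is not part of the issue and not Ocelot's or IdentityServer's code: it uses only .NET's built-in RSA APIs to show a token signed under one process's key failing validation under another key and passing under a shared one. The `Gateway` class, its method names and the sample subject are hypothetical, and each gateway is assumed to hold exactly one signing key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for one gateway process: signs and checks RS256
// tokens with the RSA key it was started with (signature check only).
sealed class Gateway
{
    private readonly RSA _key;
    public Gateway(RSA key) => _key = key;

    static string Enc(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public string Issue(string subject)
    {
        string signingInput = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"))
            + "." + Enc(Encoding.UTF8.GetBytes("{\"sub\":\"" + subject + "\"}"));
        byte[] sig = _key.SignData(Encoding.ASCII.GetBytes(signingInput),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return signingInput + "." + Enc(sig);
    }

    public bool Accepts(string token)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try { return _key.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), Dec(p[2]),
                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); }
        catch (FormatException) { return false; }   // signature part is not base64url
    }
}

static class Program
{
    static void Main()
    {
        using RSA keyA = RSA.Create(2048);   // key held by gateway A
        using RSA keyB = RSA.Create(2048);   // separate key held by gateway B
        string token = new Gateway(keyA).Issue("admin");   // constructed sample subject
        // Case 1: gateway B validates with its own key.
        Console.WriteLine("separate keys: " + new Gateway(keyB).Accepts(token));
        // Case 2: a second gateway started with the same key as A (the shared .pfx).
        Console.WriteLine("shared key:    " + new Gateway(keyA).Accepts(token));
    }
}
```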