lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

[HELP] OpenIDConnect does not Redirect #134

Closed marcohald closed 2 years ago

marcohald commented 2 years ago

I configured OIDC using Keycloak and it looks like this in the config: [image]. When I go to laps.example.com it redirects me to https://laps.example.com/Home/Login?ReturnUrl=%2FComputer%2FAccessRequest, which results in a 404.

The service log looks like this:

2022-01-21 11:28:44.0603| INFO|Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system
2022-01-21 11:28:44.1201| INFO|Lithnet.AccessManager.Service.Startup|Starting Lithnet Access Manager Standard Edition
2022-01-21 11:28:44.2061|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|Initializing internal DB
2022-01-21 11:28:44.2669|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|Connecting to internal DB instance ams
2022-01-21 11:28:44.2669|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|Starting internal DB instance ams
2022-01-21 11:28:48.6341|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|Master DB connection string Data Source=np:\\.\pipe\LOCALDB#913E2766\tsql\query;Initial Catalog=master;Integrated Security=True;Connect Timeout=30
2022-01-21 11:28:48.9507|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|Database was already attached to instance ams
2022-01-21 11:28:48.9507|TRACE|Lithnet.AccessManager.Server.SqlLocalDbInstanceProvider|AccessManager DB connection string Data Source=np:\\.\pipe\LOCALDB#913E2766\tsql\query;Initial Catalog=AccessManager;Integrated Security=True;Connect Timeout=30
2022-01-21 11:28:49.5896|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|Checking whether journal table exists..
2022-01-21 11:28:50.1775|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|Fetching list of already executed scripts.
2022-01-21 11:28:50.2010|TRACE|Lithnet.AccessManager.Server.SqlDbProvider|The database is up to date
2022-01-21 11:28:50.2010|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|Beginning database upgrade
2022-01-21 11:28:50.2010|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|Checking whether journal table exists..
2022-01-21 11:28:50.2010|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|Fetching list of already executed scripts.
2022-01-21 11:28:50.2010|TRACE|Lithnet.AccessManager.Server.DbUpgradeLogger|No new scripts need to be executed - completing.
2022-01-21 11:28:50.2926|TRACE|Lithnet.AccessManager.Server.Workers.AuditWorker|Starting audit worker background processing thread
2022-01-21 11:28:50.2926|TRACE|Lithnet.AccessManager.Server.Workers.CertificateImportWorker|Starting certificate synchronization background processing thread
2022-01-21 11:28:50.3098|TRACE|Lithnet.AccessManager.Server.SchedulerService|Starting scheduler background processing thread
2022-01-21 11:28:50.4217| INFO|Quartz.Util.DBConnectionManager|Registering datasource 'mydb' with db provider: 'Quartz.Impl.AdoJobStore.Common.DbProvider'
2022-01-21 11:28:50.4217| INFO|Quartz.Impl.StdSchedulerFactory|Using object serializer: Quartz.Simpl.JsonObjectSerializer, Quartz.Serialization.Json
2022-01-21 11:28:50.4520|DEBUG|Quartz.Simpl.TaskSchedulingThreadPool|TaskSchedulingThreadPool configured with max concurrency of 10 and TaskScheduler ThreadPoolTaskScheduler.
2022-01-21 11:28:50.4520| INFO|Quartz.Core.SchedulerSignalerImpl|Initialized Scheduler Signaller of type: Quartz.Core.SchedulerSignalerImpl
2022-01-21 11:28:50.4622| INFO|Quartz.Core.QuartzScheduler|Quartz Scheduler v.3.2.3.0 created.
2022-01-21 11:28:50.4622| INFO|Quartz.Core.QuartzScheduler|JobFactory set to: Quartz.Simpl.MicrosoftDependencyInjectionJobFactory
2022-01-21 11:28:50.4834|DEBUG|Quartz.Impl.AdoJobStore.SqlServerDelegate|Adding TriggerPersistenceDelegate of type: Quartz.Impl.AdoJobStore.SimpleTriggerPersistenceDelegate
2022-01-21 11:28:50.4834|DEBUG|Quartz.Impl.AdoJobStore.SqlServerDelegate|Adding TriggerPersistenceDelegate of type: Quartz.Impl.AdoJobStore.CronTriggerPersistenceDelegate
2022-01-21 11:28:50.4834|DEBUG|Quartz.Impl.AdoJobStore.SqlServerDelegate|Adding TriggerPersistenceDelegate of type: Quartz.Impl.AdoJobStore.CalendarIntervalTriggerPersistenceDelegate
2022-01-21 11:28:50.4834|DEBUG|Quartz.Impl.AdoJobStore.SqlServerDelegate|Adding TriggerPersistenceDelegate of type: Quartz.Impl.AdoJobStore.DailyTimeIntervalTriggerPersistenceDelegate
2022-01-21 11:28:50.4834| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Using thread monitor-based data access locking (synchronization).
2022-01-21 11:28:50.4834| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|JobStoreTX initialized.
2022-01-21 11:28:50.4834| INFO|Quartz.Core.QuartzScheduler|Scheduler meta-data: Quartz Scheduler (v3.2.3.0) 'AMSCoreScheduler' with instanceId 'NON_CLUSTERED'
  Scheduler class: 'Quartz.Core.QuartzScheduler' - running locally.
  NOT STARTED.
  Currently in standby mode.
  Number of jobs executed: 0
  Using thread pool 'Quartz.Simpl.DefaultThreadPool' - with 10 threads.
  Using job-store 'Quartz.Impl.AdoJobStore.JobStoreTX' - which supports persistence. and is not clustered.

2022-01-21 11:28:50.4834| INFO|Quartz.Impl.StdSchedulerFactory|Quartz scheduler 'AMSCoreScheduler' initialized
2022-01-21 11:28:50.4834| INFO|Quartz.Impl.StdSchedulerFactory|Quartz scheduler version: 3.2.3.0
2022-01-21 11:28:50.5224| INFO|Quartz.ContainerConfigurationProcessor|Adding 0 jobs, 0 triggers.
2022-01-21 11:28:50.6657|DEBUG|Quartz.SQL|Prepared SQL: SELECT JOB_NAME FROM QRTZ_JOB_DETAILS WHERE SCHED_NAME = @schedulerName AND JOB_NAME = @jobName AND JOB_GROUP = @jobGroup
2022-01-21 11:28:50.7953|DEBUG|Quartz.SQL|Prepared SQL: SELECT JOB_NAME FROM QRTZ_JOB_DETAILS WHERE SCHED_NAME = @schedulerName AND JOB_NAME = @jobName AND JOB_GROUP = @jobGroup
2022-01-21 11:28:50.7953|DEBUG|Quartz.Impl.AdoJobStore.SimpleSemaphore|Lock 'TRIGGER_ACCESS' is desired by: f492ee36-0148-489e-b061-ea27831189e3
2022-01-21 11:28:50.8054|DEBUG|Quartz.Impl.AdoJobStore.SimpleSemaphore|Lock 'TRIGGER_ACCESS' is being obtained: f492ee36-0148-489e-b061-ea27831189e3
2022-01-21 11:28:50.8054|DEBUG|Quartz.Impl.AdoJobStore.SimpleSemaphore|Lock 'TRIGGER_ACCESS' given to: f492ee36-0148-489e-b061-ea27831189e3
2022-01-21 11:28:50.8054|DEBUG|Quartz.SQL|Prepared SQL: UPDATE QRTZ_TRIGGERS SET TRIGGER_STATE = @newState WHERE SCHED_NAME = @schedulerName AND (TRIGGER_STATE = @oldState1 OR TRIGGER_STATE = @oldState2)
2022-01-21 11:28:51.0660|DEBUG|Quartz.SQL|Prepared SQL: UPDATE QRTZ_TRIGGERS SET TRIGGER_STATE = @newState WHERE SCHED_NAME = @schedulerName AND (TRIGGER_STATE = @oldState1 OR TRIGGER_STATE = @oldState2)
2022-01-21 11:28:51.0660| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Freed 0 triggers from 'acquired' / 'blocked' state.
2022-01-21 11:28:51.0777|DEBUG|Quartz.SQL|Prepared SQL: SELECT TRIGGER_NAME, TRIGGER_GROUP FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME < @nextFireTime AND TRIGGER_STATE = @state1 ORDER BY NEXT_FIRE_TIME ASC, PRIORITY DESC
2022-01-21 11:28:51.0878|DEBUG|Quartz.Impl.AdoJobStore.JobStoreTX|Found 0 triggers that missed their scheduled fire-time.
2022-01-21 11:28:51.0878|DEBUG|Quartz.SQL|Prepared SQL: SELECT * FROM QRTZ_FIRED_TRIGGERS WHERE SCHED_NAME = @schedulerName AND INSTANCE_NAME = @instanceName AND REQUESTS_RECOVERY = @requestsRecovery
2022-01-21 11:28:51.0878| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Recovering 0 jobs that were in-progress at the time of the last shut-down.
2022-01-21 11:28:51.0878| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Recovery complete.
2022-01-21 11:28:51.1042|DEBUG|Quartz.SQL|Prepared SQL: SELECT TRIGGER_NAME, TRIGGER_GROUP FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND TRIGGER_STATE = @state
2022-01-21 11:28:51.1042| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Removed 0 'complete' triggers.
2022-01-21 11:28:51.1202|DEBUG|Quartz.SQL|Prepared SQL: DELETE FROM QRTZ_FIRED_TRIGGERS WHERE SCHED_NAME = @schedulerName
2022-01-21 11:28:51.1202| INFO|Quartz.Impl.AdoJobStore.JobStoreTX|Removed 0 stale fired job entries.
2022-01-21 11:28:51.1202|DEBUG|Quartz.Impl.AdoJobStore.SimpleSemaphore|Lock 'TRIGGER_ACCESS' returned by: f492ee36-0148-489e-b061-ea27831189e3
2022-01-21 11:28:51.1202| INFO|Quartz.Core.QuartzScheduler|Scheduler AMSCoreScheduler_$_NON_CLUSTERED started.
2022-01-21 11:28:51.1357|DEBUG|Quartz.Impl.AdoJobStore.MisfireHandler|Scanning for misfires...
2022-01-21 11:28:51.1512|DEBUG|Quartz.SQL|Prepared SQL: SELECT TOP 1  TRIGGER_NAME, TRIGGER_GROUP, NEXT_FIRE_TIME, PRIORITY FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND TRIGGER_STATE = @state AND NEXT_FIRE_TIME <= @noLaterThan AND (MISFIRE_INSTR = -1 OR (MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME >= @noEarlierThan)) ORDER BY NEXT_FIRE_TIME ASC, PRIORITY DESC
2022-01-21 11:28:51.1512|DEBUG|Quartz.SQL|Prepared SQL: SELECT COUNT(TRIGGER_NAME) FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME < @nextFireTime AND TRIGGER_STATE = @state1
2022-01-21 11:28:51.1512|DEBUG|Quartz.Core.QuartzSchedulerThread|Batch acquisition of 0 triggers
2022-01-21 11:28:51.1944|DEBUG|Quartz.Impl.AdoJobStore.JobStoreTX|Found 0 triggers that missed their scheduled fire-time.
2022-01-21 11:28:51.2727| INFO|Microsoft.Hosting.Lifetime|Now listening on: https://laps.example.com:443/
2022-01-21 11:28:51.2746| INFO|Microsoft.Hosting.Lifetime|Now listening on: http://laps.example.com:80/
2022-01-21 11:28:51.2746| INFO|Microsoft.Hosting.Lifetime|Application started. Hosting environment: Production; Content root path: C:\Program Files\Lithnet\Access Manager Service\
2022-01-21 11:28:59.7469|ERROR|Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'.
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Lithnet.AccessManager.Service.Controllers.HomeController.Login(String returnUrl) in D:\dev\git\lithnet\access-manager\src\Lithnet.AccessManager\Lithnet.AccessManager.Service\Controllers\HomeController.cs:line 80
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Lithnet.AccessManager.Service.Extensions.ApplicationBuilderExtensions.<>c__DisplayClass5_0.<<UseContentTypeOptions>b__0>d.MoveNext() in D:\dev\git\lithnet\access-manager\src\Lithnet.AccessManager\Lithnet.AccessManager.Service\Extensions\ApplicationBuilderExtensions.cs:line 56
--- End of stack trace from previous location where exception was thrown ---
   at Lithnet.AccessManager.Service.Extensions.ApplicationBuilderExtensions.<>c__DisplayClass7_0.<<UseReferrerPolicy>b__0>d.MoveNext() in D:\dev\git\lithnet\access-manager\src\Lithnet.AccessManager\Lithnet.AccessManager.Service\Extensions\ApplicationBuilderExtensions.cs:line 74
--- End of stack trace from previous location where exception was thrown ---
   at Lithnet.AccessManager.Service.Extensions.ApplicationBuilderExtensions.<>c__DisplayClass3_0.<<UseContentSecurityPolicy>b__0>d.MoveNext() in D:\dev\git\lithnet\access-manager\src\Lithnet.AccessManager\Lithnet.AccessManager.Service\Extensions\ApplicationBuilderExtensions.cs:line 38
--- End of stack trace from previous location where exception was thrown ---
   at Lithnet.AccessManager.Service.Extensions.ApplicationBuilderExtensions.<>c__DisplayClass1_0.<<UseFeaturePolicy>b__0>d.MoveNext() in D:\dev\git\lithnet\access-manager\src\Lithnet.AccessManager\Lithnet.AccessManager.Service\Extensions\ApplicationBuilderExtensions.cs:line 20
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-01-21 11:29:20.4602|DEBUG|Quartz.SQL|Prepared SQL: SELECT TOP 1  TRIGGER_NAME, TRIGGER_GROUP, NEXT_FIRE_TIME, PRIORITY FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND TRIGGER_STATE = @state AND NEXT_FIRE_TIME <= @noLaterThan AND (MISFIRE_INSTR = -1 OR (MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME >= @noEarlierThan)) ORDER BY NEXT_FIRE_TIME ASC, PRIORITY DESC
2022-01-21 11:29:20.4703|DEBUG|Quartz.Core.QuartzSchedulerThread|Batch acquisition of 0 triggers
2022-01-21 11:29:43.8638|DEBUG|Quartz.SQL|Prepared SQL: SELECT TOP 1  TRIGGER_NAME, TRIGGER_GROUP, NEXT_FIRE_TIME, PRIORITY FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND TRIGGER_STATE = @state AND NEXT_FIRE_TIME <= @noLaterThan AND (MISFIRE_INSTR = -1 OR (MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME >= @noEarlierThan)) ORDER BY NEXT_FIRE_TIME ASC, PRIORITY DESC
2022-01-21 11:29:43.8724|DEBUG|Quartz.Core.QuartzSchedulerThread|Batch acquisition of 0 triggers
2022-01-21 11:29:51.1434|DEBUG|Quartz.Impl.AdoJobStore.MisfireHandler|Scanning for misfires...
2022-01-21 11:29:51.1434|DEBUG|Quartz.SQL|Prepared SQL: SELECT COUNT(TRIGGER_NAME) FROM QRTZ_TRIGGERS WHERE SCHED_NAME = @schedulerName AND MISFIRE_INSTR <> -1 AND NEXT_FIRE_TIME < @nextFireTime AND TRIGGER_STATE = @state1
2022-01-21 11:29:51.1516|DEBUG|Quartz.Impl.AdoJobStore.JobStoreTX|Found 0 triggers that missed their scheduled fire-time.
ryannewington commented 2 years ago

@marcohald

It looks like AMS is unable to retrieve the OIDC metadata from the Keycloak server (located at ~/.well-known/openid-configuration).

I'm not too familiar with keycloak myself, so I'm not sure what you need to do to resolve this.

marcohald commented 2 years ago

Thank you for the hint with the filename; I indeed used the wrong path. For other users using Keycloak, you can find the right path here: https://stackoverflow.com/a/61563416/10966928. It would be great if the error message contained the path it tries to reach; then it would be easier to debug.
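The stack trace above comes from Microsoft.IdentityModel's ConfigurationManager fetching `<authority>/.well-known/openid-configuration` on the first login challenge, and the thread's fix was simply a wrong authority path. The following is an added example, not code from lithnet/access-manager or from either participant: an offline check that builds the same discovery URL from a configured authority, validates the response the way a practitioner would want before pointing a LAPS front end at an identity provider (HTTP status, content type, required metadata fields, `issuer` identical to the authority per OIDC Discovery section 4.3, https-only endpoints), and reports the URL it actually requested. The Keycloak hostnames, the realm name `ams` and the discovery document are constructed sample data; the realm path `/realms/<realm>` is the layout of current Keycloak versions, and the fake fetcher treats anything else (server root, the older `/auth/realms/<realm>` prefix) as a 404, as the poster saw.

```python
"""Added example: validate an OIDC provider's discovery document offline.
Not part of lithnet/access-manager; all URLs and metadata below are constructed."""
import json
from urllib.parse import urlsplit

WELL_KNOWN_PATH = ".well-known/openid-configuration"
# Fields without which the authorization-code flow cannot run.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(authority: str) -> str:
    """Authority plus the well-known path with exactly one slash in between,
    which is how the ASP.NET Core OpenIdConnect handler derives it."""
    return authority.rstrip("/") + "/" + WELL_KNOWN_PATH


def validate_discovery(authority: str, status: int, content_type: str, body: str) -> dict:
    """Validate one discovery response; raise ValueError naming the URL that was fetched."""
    url = discovery_url(authority)
    if status != 200:
        raise ValueError(f"{url}: HTTP {status} (wrong authority path? Keycloak realms live under /realms/<realm>)")
    if "json" not in content_type.lower():
        raise ValueError(f"{url}: got {content_type}, not JSON (a login or error page, not provider metadata)")
    try:
        meta = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"{url}: body is not valid JSON ({exc})") from None
    missing = [f for f in REQUIRED_FIELDS if f not in meta]
    if missing:
        raise ValueError(f"{url}: metadata is missing {missing}")
    # OIDC Discovery 4.3: the issuer MUST equal the URL the metadata was retrieved from.
    # ID-token 'iss' is later validated against this value, so a mismatch is a
    # configuration error to surface, not something to tolerate.
    if meta["issuer"].rstrip("/") != authority.rstrip("/"):
        raise ValueError(f"{url}: issuer {meta['issuer']} does not match configured authority {authority}")
    # Authorization codes and tokens flow to these endpoints; refuse plain http.
    for field in REQUIRED_FIELDS[1:]:
        if urlsplit(meta[field]).scheme != "https":
            raise ValueError(f"{url}: {field} is not https: {meta[field]}")
    return meta


# ---- constructed sample data (assumed hostnames and realm, not a real server) ----
KEYCLOAK = "https://keycloak.example.com"
GOOD_AUTHORITY = f"{KEYCLOAK}/realms/ams"                     # current Keycloak realm layout
INTERNAL_AUTHORITY = "https://keycloak.internal/realms/ams"   # same realm reached via another hostname

SAMPLE_METADATA = json.dumps({
    "issuer": GOOD_AUTHORITY,
    "authorization_endpoint": f"{GOOD_AUTHORITY}/protocol/openid-connect/auth",
    "token_endpoint": f"{GOOD_AUTHORITY}/protocol/openid-connect/token",
    "jwks_uri": f"{GOOD_AUTHORITY}/protocol/openid-connect/certs",
    "end_session_endpoint": f"{GOOD_AUTHORITY}/protocol/openid-connect/logout",
})
NOT_FOUND = (404, "text/html", "<html><body>Not Found</body></html>")

FAKE_RESPONSES = {
    discovery_url(GOOD_AUTHORITY): (200, "application/json", SAMPLE_METADATA),
    discovery_url(INTERNAL_AUTHORITY): (200, "application/json", SAMPLE_METADATA),
    # a reverse proxy that answers every path with its own login page
    discovery_url("https://proxy.example.com/realms/ams"): (200, "text/html", "<html>login</html>"),
}


def fake_fetch(url: str) -> tuple:
    """Stand-in for an HTTPS GET. Anything not in the table is a 404, as the server
    root or the older '/auth/realms/<realm>' prefix would be on a current server."""
    return FAKE_RESPONSES.get(url, NOT_FOUND)


def check_authority(authority: str, fetch=fake_fetch) -> tuple:
    """Return (True, metadata) on success, or (False, message naming the failing URL)."""
    status, ctype, body = fetch(discovery_url(authority))
    try:
        return True, validate_discovery(authority, status, ctype, body)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for candidate in (KEYCLOAK, f"{KEYCLOAK}/auth/realms/ams", GOOD_AUTHORITY, INTERNAL_AUTHORITY):
        ok, result = check_authority(candidate)
        print("OK  " if ok else "FAIL", candidate if ok else result)
```

Against a live server the `fake_fetch` table would be replaced by a real HTTPS GET with certificate verification left on; the point of the example is the validation order, which reports the wrong-path case from this thread as a 404 on a named URL, catches a proxy that returns HTML with a 200, and refuses a metadata document whose `issuer` does not match the authority that was configured.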