simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

Deployment problem #717

Closed qq1176914912 closed 2 months ago

qq1176914912 commented 3 months ago

We now have two pods in k8s: one pod is responsible for deploying the 5001 project, the other pod is the 5002 project. The pods are HTTP; the ingress layer is configured as HTTPS and the certificate is mounted. When we use HTTPS to access the deployed 5002 project, the first error is reported:

[image]

Why do we need HTTP redirect addresses when we use HTTPS access? Then I modified the database, setting "http://iamcp.gmzta.cn/signin-oidc" in the redirect_uri configuration, and used HTTPS to access 5002 again. This time the jump to the login page works, and after a successful login it jumps back to the 5002 project, but an error is reported ("iamcp.gmzta.cn" is the domain name of project 5002):

[image]

At the same time, an internal error is reported by the 5002 project:

info: SimpleIdServer.OpenIdConnect.CustomOpenIdConnectHandler[4]
      Error from RemoteAuthentication: Response status code does not indicate success: 400 (Bad Request)..
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
      An unhandled exception has occurred while executing the request.
      System.Exception: An error was encountered while handling the remote login.
       ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
         at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
         at SimpleIdServer.OpenIdConnect.CustomOpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties) in /src/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs:line 697
         at SimpleIdServer.OpenIdConnect.CustomOpenIdConnectHandler.HandleRemoteAuthenticateAsync() in /src/src/IdServer/SimpleIdServer.OpenIdConnect/CustomOpenIdConnectHandler.cs:line 598
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)

The current configuration is as follows: on 5002, IgnoreCertificateError is set to true; in the 5001 configuration file, ForceHttps is set to false.

simpleidserver commented 3 months ago

Hello,

Could you please check if the environment variable ASPNETCORE_FORWARDEDHEADER_ENABLED is set to true in the Kubernetes YAML files? You can find the Kubernetes sample file here: https://github.com/simpleidserver/SimpleIdServer/blob/master/sid-kubernetes.yaml

qq1176914912 commented 2 months ago

> Hello,
>
> Could you please check if the environment variable ASPNETCORE_FORWARDEDHEADER_ENABLED is set to true in the Kubernetes YAML files? You can find the Kubernetes sample file here: https://github.com/simpleidserver/SimpleIdServer/blob/master/sid-kubernetes.yaml

Thank you, problem solved.
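
Added example, not part of the thread and not SimpleIdServer's own code: an ASP.NET Core `Program.cs` that enables forwarded-header processing explicitly, so that behind a TLS-terminating ingress the app sees `https` as the request scheme while accepting `X-Forwarded-*` only from a trusted network. ASP.NET Core reads the switch discussed above as `ASPNETCORE_FORWARDEDHEADERS_ENABLED`; when it is `true` the framework enables the same two headers but clears the known-proxy lists and trusts every sender. The pod CIDR `10.244.0.0/16` and the `/debug/scheme` endpoint are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

// Explicit alternative to ASPNETCORE_FORWARDEDHEADERS_ENABLED=true.
// Leave that variable unset when using this block, otherwise the framework
// also registers its own trust-everything configuration.
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // X-Forwarded-Proto carries the scheme the client used at the ingress (https);
    // X-Forwarded-For carries the original client address.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // Only loopback is trusted by default. Add the network the ingress
    // controller connects from. 10.244.0.0/16 is a constructed sample value:
    // replace it with the cluster's real pod or node CIDR.
    options.KnownNetworks.Add(new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
        System.Net.IPAddress.Parse("10.244.0.0"), 16));

    // Accept a single proxy hop (ingress -> pod), which is also the default.
    options.ForwardLimit = 1;
});

var app = builder.Build();

// Must run before authentication: ASP.NET Core's OpenID Connect handler
// derives redirect_uri from Request.Scheme and Request.Host, so without this
// a pod served over plain HTTP advertises an http:// callback.
app.UseForwardedHeaders();

// Hypothetical diagnostic endpoint: shows the scheme and host the app believes
// it is served on. Through the ingress it should report https://<public host>.
app.MapGet("/debug/scheme", (HttpContext ctx) =>
    Results.Text($"{ctx.Request.Scheme}://{ctx.Request.Host}"));

app.Run();
```

With forwarded headers handled, the client's registered redirect URI can stay on `https://`, so an `http://` callback does not need to be added to the database.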