skoruba / IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity
MIT License

Unable to obtain configuration from "https://xxxxxx.xxxxxx.com/xxxxxx/.well-known/openid-configuration" #573

Closed darkfinlay closed 4 years ago

darkfinlay commented 4 years ago

Hello,

I'm having this issue when I try to open the administration. This is a balanced environment with IIS. I'd appreciate your help.

2020-04-08 11:54:30.740 -05:00 [ERR] An exception was thrown attempting to execute the error handler.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://xxxxxx.xxxxxx.com/xxxxxx/.well-known/openid-configuration'.
   at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.Invoke(HttpContext context)

mitirazvan commented 4 years ago

Hi, I also had this problem, and for me it was the case that from the server environment the calls to https://xxxxxx.xxxxxx.com/xxxxxx/ were blocked. To solve this we had to add in the hosts the corresponding lines:

127.0.0.1 xxxxxx.xxxxxx.com # sts
127.0.0.1 xxxxxx.xxxxxx.com # admin

The admin application instance hosted on the same server with STS was unable to access the STS because the request was blocked. Hope this will work for you.

darkfinlay commented 4 years ago

Hello @mitirazvan, the environment in which I'm installing does not allow changing the hosts file. Could installing the Admin on another server be a different approach? Thanks for your help.

darkfinlay commented 4 years ago

Hello @mitirazvan, we changed the hosts file just like you said but it is still not working. I believe there is an issue with the name of the server. This environment uses a reverse proxy, so we have a public URL and a private URL. What do you think we should do in this case?

Thanks for your help.

mitirazvan commented 4 years ago

@darkfinlay having the Admin application on a different environment can work but you shouldn't think of this solution. I'm not an expert on this but I would recommend the following:

If you cannot do that then that's your issue that must be solved first. Maybe in your host file you have to replace the 127.0.0.1 with the private url. But if your ping works and you are able to access the well-known endpoint then it might be a configuration issue (wrong client config, etc).

skoruba commented 4 years ago

Help on this is welcome - #579 pretty similar issue.

aiscrim commented 4 years ago

Hi @darkfinlay, maybe you already solved it by yourself at this time, but if not: did you configure the PublicOrigin setting, as specified here? #510 I don't know if that's your problem, but it being a balanced environment behind a reverse proxy, it certainly could be the cause of that error if you didn't.

martinussuherman commented 4 years ago

@aiscrim, I think @darkfinlay needs to set the base path in addition to PublicOrigin, that's because by default Kestrel is configured to be at / path.

Here are my suggestions:

Add in Startup.cs before other middleware: app.UsePathBase(Configuration.GetValue<string>("BasePath"));

Add in appsettings.json "BasePath": "/xxxxxx"

I think the easiest way to check this kind of error is by viewing https://xxxxxx.xxxxxx.com/xxxxxx in the browser and see if it resolves correctly to the token service.

Hope this helps.
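The browser check suggested in the comment above can be made systematic by comparing the URLs advertised in the discovery document with the public origin and base path that clients actually use. This is an added example, not code from the thread or from the project; the host names, the 10.0.0.12 address, the /sts base path and the function names are constructed placeholders.

```python
from urllib.parse import urlsplit

def sample_doc(base):
    """Constructed discovery document rooted at `base` (not real server output)."""
    return {
        "issuer": base,
        "jwks_uri": base + "/.well-known/openid-configuration/jwks",
        "authorization_endpoint": base + "/connect/authorize",
        "token_endpoint": base + "/connect/token",
    }

def check_discovery(doc, public_origin, base_path=""):
    """Return a list of mismatches between `doc` and the expected public URL."""
    expected = (public_origin.rstrip("/") + "/" + base_path.strip("/")).rstrip("/")
    problems = []
    issuer = str(doc.get("issuer", ""))
    if issuer.rstrip("/") != expected:
        problems.append(f"issuer is {issuer!r}, expected {expected!r}")
    for name, value in sorted(doc.items()):
        if not (name == "jwks_uri" or name.endswith("_endpoint")):
            continue
        if not isinstance(value, str):
            continue
        # An http:// URL here usually means TLS ends at the proxy and the
        # token service is advertising its internal scheme and host.
        if urlsplit(value).scheme != "https":
            problems.append(f"{name} is not https: {value}")
        # Require the full prefix plus "/" so "/stsX/..." does not pass for "/sts".
        if not value.startswith(expected + "/"):
            problems.append(f"{name} is outside {expected}: {value}")
    return problems

if __name__ == "__main__":
    cases = {
        "origin and base path set": sample_doc("https://sts.example.com/sts"),
        "no public origin": sample_doc("http://10.0.0.12:5000"),
        "base path missing": sample_doc("https://sts.example.com"),
    }
    for label, doc in cases.items():
        found = check_discovery(doc, "https://sts.example.com", "/sts")
        print(f"{label}: {len(found)} problem(s)")
        for line in found:
            print("  -", line)
```

To check a live deployment, load the JSON served at the .well-known/openid-configuration URL and pass it as `doc`.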

darkfinlay commented 4 years ago

@aiscrim I was using an older version that does not have that public origin setting. I used the version that was recommended by you, installed it in the balanced environment and it worked perfectly. Obviously I had to configure that public origin setting as https://xxxxx.xxxxx.xxx