skoruba / IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity
MIT License

Admin panel OIDC callback URL does not work when running with Docker image #579

Open inamvar opened 4 years ago

inamvar commented 4 years ago

I started the Docker containers, but the admin OIDC callback URL is not working. Here is my docker-compose file.

version: '3.4'

services:
  ids.admin:
    image: skoruba/identityserver4-admin:rc1
    container_name: ids-admin
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "AdminConfiguration__IdentityAdminBaseUrl=https://admin.accounts.dariksoft.com"
      - "AdminConfiguration__IdentityAdminRedirectUri=https://admin.accounts.dariksoft.com/signin-oidc"
      - "AdminConfiguration__IdentityServerBaseUrl=https://accounts.dariksoft.com"
      - "AdminConfiguration__RequireHttpsMetadata=true"
      - "IdentityServerData__Clients__0__ClientUri=https://admin.accounts.dariksoft.com"
      - "IdentityServerData__Clients__0__RedirectUris__0=https://admin.accounts.dariksoft.com/signin-oidc"
      - "IdentityServerData__Clients__0__FrontChannelLogoutUri=https://admin.accounts.dariksoft.com/signin-oidc"
      - "IdentityServerData__Clients__0__PostLogoutRedirectUris__0=https://admin.accounts.dariksoft.com/signout-callback-oidc"
      - "IdentityServerData__Clients__0__AllowedCorsOrigins__0=https://admin.accounts.dariksoft.com"
      - "IdentityServerData__Clients__1__RedirectUris__0=https://api.accounts.dariksoft.com/swagger/oauth2-redirect.html"
      - "Serilog__WriteTo__1__Args__connectionString=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
    command: dotnet Skoruba.IdentityServer4.Admin.dll /seed
    depends_on:
      - db
      - ids.sts.identity
    volumes:
      - "/var/ids/shared/serilog.json:/app/serilog.json"
      - "/var/ids/shared/identitydata.json:/app/identitydata.json"
      - "/var/ids/shared/identityserverdata.json:/app/identityserverdata.json"
      - /var/ids/secrets:/root/.microsoft/usersecrets:ro
    ports:
      - 9000:80

  ids.admin.api:
    image: skoruba/identityserver4-admin-api:rc1
    container_name: ids-api
    environment:
      - "AdminApiConfiguration__RequireHttpsMetadata=false"
      - "AdminApiConfiguration__ApiBaseUrl=https://api.accounts.dariksoft.com"
      - "AdminApiConfiguration__IdentityServerBaseUrl=https://accounts.dariksoft.com"
      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
    ports:
      - 9001:80
    volumes:
      - /var/ids/secrets:/root/.microsoft/usersecrets:ro

  ids.sts.identity:
    image: skoruba/identityserver4-sts-identity:rc1
    container_name: ids-sts
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
      - "AdminConfiguration__IdentityAdminBaseUrl=https://admin.accounts.dariksoft.com"
    depends_on:
      - db
    ports:
      - 5000:80
    volumes:
      - /var/ids/secrets:/root/.microsoft/usersecrets:ro
    networks:
      default:
        aliases:
          - accounts.dariksoft.com
  db:
    image: "mcr.microsoft.com/mssql/server"
    ports:
      - 1433:1433
    container_name: ids-db
    environment:
      SA_PASSWORD: "${DB_PASSWORD:-Password_123}"
      ACCEPT_EULA: "Y"
    volumes:
      - dbdata:/var/opt/mssql

volumes:
  dbdata:
    driver: local

networks:
  default:
    driver: bridge

skoruba commented 4 years ago

What error do you get?

inamvar commented 4 years ago

ids-admin           | [07:25:34 ERR] An unhandled exception has occurred while executing the request.
ids-admin           | System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
ids-admin           |  ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
ids-admin           |  ---> System.Net.Http.HttpRequestException: Connection refused
ids-admin           |  ---> System.Net.Sockets.SocketException (111): Connection refused
ids-admin           |    at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
ids-admin           |    --- End of inner exception stack trace ---
ids-admin           |    at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
ids-admin           |    at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
ids-admin           |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
ids-admin           |    --- End of inner exception stack trace ---
ids-admin           |    at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
ids-admin           |    at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
ids-admin           |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
ids-admin           |    --- End of inner exception stack trace ---
ids-admin           |    at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
ids-admin           |    at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
ids-admin           |    at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
ids-admin           |    at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
ids-admin           |    at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
ids-admin           |    at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
ids-admin           |    at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
ids-admin           |    at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
ids-admin           |    at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)

inamvar commented 4 years ago

@skoruba any idea?

skoruba commented 4 years ago

@inamvar - It is hard to say - this error is pretty common. The IS4 Admin auth middleware cannot get the discovery document from IS4. Is there any detailed error in the IS4 logs? Are your services published online to the internet?

love75hu commented 4 years ago

Hello, I also encountered a similar situation and do not know how to solve it.
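
The following is an added example, not part of the thread or of the project's code. It is a static check for one cause of the `Connection refused` seen while fetching the discovery document: an authority URL whose hostname is a compose network alias of a container that has no listener on the port the URL implies. The `COMPOSE` dict is a constructed, abbreviated copy of the relevant fields of the compose file above, and the check assumes a container listens only on the container-side ports named in its `ports` mappings.

```python
from urllib.parse import urlsplit

# Constructed, abbreviated copy of the relevant fields of the compose file above.
COMPOSE = {
    "ids.admin": {
        "environment": {
            "AdminConfiguration__IdentityServerBaseUrl": "https://accounts.dariksoft.com",
            "AdminConfiguration__RequireHttpsMetadata": "true",
        },
        "ports": ["9000:80"],
        "aliases": [],
    },
    "ids.sts.identity": {
        "environment": {},
        "ports": ["5000:80"],
        "aliases": ["accounts.dariksoft.com"],
    },
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def container_ports(service):
    """Container-side ports taken from 'host:container[/proto]' mappings.
    Assumption: these are the only ports the container listens on."""
    return {int(str(p).split(":")[-1].split("/")[0]) for p in service.get("ports", [])}


def unreachable_urls(compose):
    """Return (service, setting, target service, port) for every URL setting that
    resolves, via service name or alias, to a container without that port."""
    owner = {}
    for name, svc in compose.items():
        for host in [name, *svc.get("aliases", [])]:
            owner[host] = name
    findings = []
    for name, svc in compose.items():
        for key, value in svc.get("environment", {}).items():
            url = urlsplit(value)
            if url.scheme not in DEFAULT_PORTS or url.hostname not in owner:
                continue  # not a URL, or the host resolves outside the compose network
            port = url.port or DEFAULT_PORTS[url.scheme]
            target = owner[url.hostname]
            if port not in container_ports(compose[target]):
                findings.append((name, key, target, port))
    return findings
```

On the constructed input this reports that `ids.admin` would reach `ids.sts.identity` on port 443, while the only container-side port listed for that service is 80. A finding like this points at where TLS for that hostname is terminated inside the compose network, not at a reason to relax `RequireHttpsMetadata`.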