search

skoruba / IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity
MIT License
3.57k stars 1.15k forks source link

How to run Identity.Admin in docker #916

Closed Mutuduxf closed 3 years ago

Mutuduxf commented 3 years ago

Hi Skoruba,thx for your great projects!I am a new guy in IdentityServer and I try to run Skoruba.IdentityServer4.Admin and Skoruba.IdentityServer4.STS.Identity in docker,the shell commands like this:

docker build -f src/Skoruba.IdentityServer4.Admin/Dockerfile -t zaaby-identity-server-admin .;
docker build -f src/Skoruba.IdentityServer4.STS.Identity/Dockerfile -t zaaby-identity-server-sts .;

dotnet dev-certs https --clean; \
dotnet dev-certs https -ep ${HOME}/.aspnet/https/Skoruba.IdentityServer4.Admin.pfx -p 123; \
dotnet dev-certs https --trust;
dotnet dev-certs https -ep ${HOME}/.aspnet/https/Skoruba.IdentityServer4.STS.Identity.pfx -p 123; \
dotnet dev-certs https --trust; \

docker run --restart always -d \
    -p 44303:443 \
    -p 8080:80 \
    -e ASPNETCORE_URLS="https://+;http://+" \
    -e ASPNETCORE_HTTPS_PORT=44303 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password=123 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Skoruba.IdentityServer4.Admin.pfx -v ${HOME}/.aspnet/https:/https/ \
    --name IdentityAdmin \
    zaaby-identity-server-admin

docker run --restart always -d \
    -p 44310:443 \
    -p 8000:80 \
    -e ASPNETCORE_URLS="https://+;http://+" \
    -e ASPNETCORE_HTTPS_PORT=44310 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password=123 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Skoruba.IdentityServer4.STS.Identity.pfx -v ${HOME}/.aspnet/https:/https/ \
    --name IdentityAdminSTS \
    zaaby-identity-server-sts

The Skoruba.IdentityServer4.STS.Identity(44310) container is ok but when I visit the Skoruba.IdentityServer4.Admin(44303) it response http 500 and it throw an unhandled exception:

[01:34:56 ERR] Connection id "0HMCI3SQ4J26N", Request id "0HMCI3SQ4J26N:00000001": An unhandled exception was thrown by the application.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

So how to handle this exception?Looking forward to your reply.

Mutuduxf commented 3 years ago

The appsettings.json in Skoruba.IdentityServer4.Admin and Skoruba.IdentityServer4.STS.Identity I have replaced all "localhost" to the vm IP,such like this:

    "AdminConfiguration": {
        "PageTitle": "Skoruba IdentityServer4 Admin",
        "FaviconUri": "~/favicon.ico",
        "IdentityAdminRedirectUri": "https://172.16.19.180:44303/signin-oidc",
        "IdentityServerBaseUrl": "http://172.16.19.180:8000",
        "IdentityAdminCookieName": "IdentityServerAdmin",
        "IdentityAdminCookieExpiresUtcHours": 12,
        "RequireHttpsMetadata": false,
        "TokenValidationClaimName": "name",
        "TokenValidationClaimRole": "role",
        "ClientId": "skoruba_identity_admin",
        "ClientSecret": "skoruba_admin_client_secret",
        "OidcResponseType": "code",
        "Scopes": [
            "openid",
            "profile",
            "email",
            "roles"
        ],
        "AdministrationRole": "SkorubaIdentityAdminAdministrator",
        "HideUIForMSSqlErrorLogging": false
    },
skoruba commented 3 years ago

Hey, do you want to run this locally on your machine for dev purpose?

skoruba commented 3 years ago

It complains about SSL cert - check this one: https://github.com/skoruba/IdentityServer4.Admin#certificates

Mutuduxf commented 3 years ago

Hey, do you want to run this locally on your machine for dev purpose?

No,I want to run these on a remote server for test.

Mutuduxf commented 3 years ago

It complains about SSL cert - check this one: https://github.com/skoruba/IdentityServer4.Admin#certificates

Thx for your reply!But I had some problems on "brew install mkcert" today,I will try again tomorrow.

Mutuduxf commented 3 years ago

It complains about SSL cert - check this one: https://github.com/skoruba/IdentityServer4.Admin#certificates

Hi Skoruba,I had used mkcert to create pfx:

mkcert -pkcs12 Skoruba.IdentityServer4.Admin.pfx skoruba.local *.skoruba.local; \
mkcert -pkcs12 Skoruba.IdentityServer4.STS.Identity.pfx skoruba.local *.skoruba.local;

and run containers with these:

docker build -f src/Skoruba.IdentityServer4.Admin/Dockerfile -t zaaby-identity-server-admin .; \

docker run --restart always -d \
    -p 44303:443 \
    -p 8080:80 \
    -e ASPNETCORE_URLS="https://+;http://+" \
    -e ASPNETCORE_HTTPS_PORT=44303 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password=changeit \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Skoruba.IdentityServer4.Admin.pfx+2.p12 -v ${HOME}/.aspnet/https:/https/ \
    --name IdentityAdmin \
    zaaby-identity-server-admin; \

docker build -f src/Skoruba.IdentityServer4.STS.Identity/Dockerfile -t zaaby-identity-server-sts .; \

docker run --restart always -d \
    -p 44310:443 \
    -p 8000:80 \
    -e ASPNETCORE_URLS="https://+;http://+" \
    -e ASPNETCORE_HTTPS_PORT=44310 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password=changeit \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Skoruba.IdentityServer4.STS.Identity.pfx+2.p12 -v ${HOME}/.aspnet/https:/https/ \
    --name IdentityAdminSTS \
    zaaby-identity-server-sts; \

Unfortunately the Skoruba.IdentityServer4.STS is ok but the Skoruba.IdentityServer4.Admin still throw the System.Security.Authentication.AuthenticationException:

[08:37:33 ERR] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
[08:37:33 ERR] An exception was thrown attempting to execute the error handler.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
[08:37:33 ERR] Connection id "0HMCJKJC701VJ", Request id "0HMCJKJC701VJ:00000001": An unhandled exception was thrown by the application.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

So I think the problem is not at the pfx files but in the configurations,I have modified some informations in appsettings.json and identityserverdata.json for the test env.In identityserverdata.json the "skoruba_identity_admin" in "Clients" like this:

{
    "ClientId": "skoruba_identity_admin",
    "ClientName": "skoruba_identity_admin",
    "ClientUri": "https://172.16.19.180:44303",
    "AllowedGrantTypes": [
        "authorization_code"
    ],
    "RequirePkce": true,
    "ClientSecrets": [
        {
            "Value": "skoruba_admin_client_secret"
        }
    ],
    "RedirectUris": [
        "https://172.16.19.180:44303/signin-oidc"
    ],
    "FrontChannelLogoutUri": "https://172.16.19.180:44303/signout-oidc",
    "PostLogoutRedirectUris": [
        "https://172.16.19.180:44303/signout-callback-oidc"
    ],
    "AllowedCorsOrigins": [
        "https://172.16.19.180:44303"
    ],
    "AllowedScopes": [
        "openid",
        "email",
        "profile",
        "roles"
    ]
}

and in appsettings.json the "AdminConfiguration" like this:

"AdminConfiguration": {
    "PageTitle": "Skoruba IdentityServer4 Admin",
    "FaviconUri": "~/favicon.ico",
    "IdentityAdminRedirectUri": "https://172.16.19.180:44303/signin-oidc",
    "IdentityServerBaseUrl": "https://172.16.19.180:44310",
    "IdentityAdminCookieName": "IdentityServerAdmin",
    "IdentityAdminCookieExpiresUtcHours": 12,
    "RequireHttpsMetadata": false,
    "TokenValidationClaimName": "name",
    "TokenValidationClaimRole": "role",
    "ClientId": "skoruba_identity_admin",
    "ClientSecret": "skoruba_admin_client_secret",
    "OidcResponseType": "code",
    "Scopes": [
        "openid",
        "profile",
        "email",
        "roles"
    ],
    "AdministrationRole": "SkorubaIdentityAdminAdministrator",
    "HideUIForMSSqlErrorLogging": false
}

From the STS logs it has not get the request from Skoruba.IdentityServer4.Admin by the redirection,so I think I have misconfigured some information in the Skoruba.IdentityServer4.Admin . Could you please give me some suggestions or ideas?

DuanTranHuy commented 3 years ago

copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.pem -> copy $env:LOCALAPPDATA\mkcert\rootCA-key.pem ./cacerts.pem copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crtmake sure it copy a file. This step may create folder instead of copy file

Mutuduxf commented 3 years ago

It complains about SSL cert - check this one: https://github.com/skoruba/IdentityServer4.Admin#certificates

Hi Skoruba,the problem has been solved.Cause I don't use docker-compose and nginx,so it need to exec the containers and run "update-ca-certificates".

Thanks again for your help.