Identity Server 4 - IDX10630: PII is hidden

I'm fairly new to using encryption and RSA tokens and I'm trying to get IdentityServer4 to not use the developer signing credential, but one of my own. Here is what I have tried so far:

using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Generate an RSA key pair and export all parameters, including the private ones.
var keyInfo = new RSACryptoServiceProvider().ExportParameters(true);
var rsaSecurityKey = new RsaSecurityKey(new RSAParameters
{
    D = keyInfo.D,
    DP = keyInfo.DP,
    DQ = keyInfo.DQ,
    Exponent = keyInfo.Exponent,
    InverseQ = keyInfo.InverseQ,
    Modulus = keyInfo.Modulus,
    P = keyInfo.P,
    Q = keyInfo.Q
});

// Register IdentityServer with the key above as the token signing credential.
services.AddIdentityServer()
    .AddSigningCredential(rsaSecurityKey)
    .AddInMemoryPersistedGrants()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients())
    .AddAspNetIdentity<User>();

However, when I run IdentityServer4 and get redirected to the sign-in page from another website, I get the following error:

IDX10630: The '[PII is hidden]' for signing cannot be smaller than '[PII is hidden]' bits. KeySize: '[PII is hidden]'. Parameter name: key.KeySize

I have to admit, I've been on this all weekend, trying to figure out how to use SigningCredentials and I'm not really sure what I've done wrong above.

Bagzli asked Nov 12 '18 02:11
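The IDX10630 text hides the numbers, but it is the key-size check in Microsoft.IdentityModel: an RSA key used for RS256 signing must be at least 2048 bits, and the parameterless RSACryptoServiceProvider constructor does not guarantee that (on .NET Framework it defaults to 1024 bits). The block below is an added example, not the asker's code or IdentityServer4's own API surface beyond the calls it names. It creates a 2048-bit key once, persists it so tokens survive a restart, checks the size before handing it to IdentityServer so the failure is readable, and gives the key a stable kid. It assumes .NET Core 3.0 or later (for ExportRSAPrivateKey/ImportRSAPrivateKey), the Config class from the question, and a hypothetical key file path.

```csharp
// Added example (not from the question): a persistent RSA signing credential for
// IdentityServer4 that satisfies the 2048-bit floor behind IDX10630.
// Assumes .NET Core 3.0+ and the Microsoft.IdentityModel.Tokens package that
// IdentityServer4 already depends on.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class SigningKeyLoader
{
    // Minimum RSA size Microsoft.IdentityModel accepts for RS256 signing.
    public const int MinimumRsaKeySize = 2048;

    // Loads a PKCS#1 private key from keyPath, creating a 2048-bit key on first run.
    // keyPath is a hypothetical location; restrict its file-system permissions to the
    // service account, because it holds the private half of the token-signing key.
    public static RSA LoadOrCreateRsa(string keyPath)
    {
        if (File.Exists(keyPath))
        {
            var existing = RSA.Create();
            existing.ImportRSAPrivateKey(File.ReadAllBytes(keyPath), out _);
            return existing;
        }

        // Ask for the size explicitly; the runtime default is not guaranteed to be 2048.
        var rsa = RSA.Create(MinimumRsaKeySize);
        File.WriteAllBytes(keyPath, rsa.ExportRSAPrivateKey());
        return rsa;
    }

    // Wraps the key for IdentityServer, failing fast with a readable message instead
    // of the PII-redacted IDX10630 at first sign-in.
    public static SigningCredentials BuildSigningCredentials(RSA rsa)
    {
        if (rsa.KeySize < MinimumRsaKeySize)
        {
            throw new InvalidOperationException(
                $"Signing key is {rsa.KeySize} bits; at least {MinimumRsaKeySize} bits are required.");
        }

        // A stable kid lets relying parties match the key in the JWKS across restarts.
        var key = new RsaSecurityKey(rsa) { KeyId = ComputeKeyId(rsa) };
        return new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
    }

    // Derives the kid from the public modulus only, so it never leaks private material.
    public static string ComputeKeyId(RSA rsa)
    {
        var modulus = rsa.ExportParameters(false).Modulus;
        using var sha = SHA256.Create();
        return Base64UrlEncoder.Encode(sha.ComputeHash(modulus));
    }

    // Startup.ConfigureServices wiring; contentRoot is env.ContentRootPath.
    public static void ConfigureIdentityServer(IServiceCollection services, string contentRoot)
    {
        var rsa = LoadOrCreateRsa(Path.Combine(contentRoot, "signing-key.der"));

        services.AddIdentityServer()
            .AddSigningCredential(BuildSigningCredentials(rsa))
            .AddInMemoryPersistedGrants()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddAspNetIdentity<User>();
    }
}
```

Generating a fresh key at every start, as the question's snippet does, also means every token issued before a restart fails signature validation afterwards; loading the same key from protected storage avoids that, and the explicit KeySize check turns a hidden-PII error into a message that says which key is too small.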


2 Answers

You can see more details in development by adding the following to Configure() in the Startup class:

using Microsoft.IdentityModel.Logging;

if (env.IsDevelopment())
{
    // Static, process-wide switch: unredacts the '[PII is hidden]' placeholders in IDX* messages.
    IdentityModelEventSource.ShowPII = true;
}
user1069816 answered Nov 06 '22 18:11


For those who are having the same problem: the ShowPII configuration is set globally, it's a static property of IdentityModelEventSource and can be set in the Startup class, for example. Once I added it I could see that it was throwing an InvalidIssuer exception for token validation. For me it was related to how I was generating the JWT to communicate with my API (which is protected with Identity Server 4). I was generating the token over the URL http://localhost:5002 (outside of the docker-compose network), which is different from the URL of the Identity Server issuer inside my API: http://<<docker-service-name>>. So, if you are using docker-compose and manage to use your Identity Server as a separate container inside the same docker-compose, be aware that your authentication should generate a token with an IDENTICAL issuer to the one used in your API.

Iuri Brindeiro answered Nov 06 '22 18:11
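Both answers point at the same diagnosis loop: turn on ShowPII in development to read the real IDX message, then make the issuer the token carries match the issuer the API validates. The block below is an added example, not code from either answer. It shows the docker-compose split the second answer describes, with IdentityServer pinning its issuer to the public address the client sees while the API fetches discovery over the internal service name but validates `iss` against the public value. The host names, ports and the audience name `api1` are assumptions; IssuerUri, Authority, RequireHttpsMetadata and TokenValidationParameters are real IdentityServer4 and JwtBearer options.

```csharp
// Added example (not from either answer): align the issuer IdentityServer4 writes
// into tokens with the issuer the API checks, for a docker-compose deployment.
// Assumes ASP.NET Core 3.0+, IdentityServer4, Microsoft.AspNetCore.Authentication.JwtBearer
// and System.IdentityModel.Tokens.Jwt.
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;

public static class IssuerConfig
{
    // Assumed: the address clients outside the compose network use, and therefore
    // the value the token's "iss" claim must carry.
    public const string PublicIssuer = "http://localhost:5002";

    // Assumed: the compose service name the API container uses to reach IdentityServer.
    public const string InternalAuthority = "http://identityserver";

    // IdentityServer side: pin the issuer instead of deriving it from the incoming
    // request's host, which differs between the two network views.
    public static void ConfigureIdentityServer(IServiceCollection services)
    {
        services.AddIdentityServer(options =>
        {
            options.IssuerUri = PublicIssuer;
        });
    }

    // API side: discovery and JWKS are fetched over the internal name, but "iss"
    // is validated against the public issuer the token actually contains.
    public static void ConfigureApi(IServiceCollection services, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Unredacts key sizes, issuers and token contents in IDX* messages.
            // Those values end up in logs, so this stays off outside development.
            IdentityModelEventSource.ShowPII = true;
        }

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = InternalAuthority;
                // Plain HTTP metadata only inside the development network.
                options.RequireHttpsMetadata = !env.IsDevelopment();
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = PublicIssuer,
                    ValidateAudience = true,
                    ValidAudience = "api1"  // assumed API resource name
                };
            });
    }

    // Diagnostic helper: reads the unverified "iss" claim so an issuer mismatch is
    // visible in a log line before the full validation pipeline rejects the token.
    // ReadJwtToken does not validate the signature; use it for diagnostics only.
    public static bool IssuerMatches(string jwt, string expectedIssuer)
    {
        var token = new JwtSecurityTokenHandler().ReadJwtToken(jwt);
        return string.Equals(token.Issuer, expectedIssuer, StringComparison.Ordinal);
    }
}
```

Pinning IssuerUri also keeps the discovery document's `issuer` field consistent with the tokens, which matters because the JwtBearer handler adds the issuer it finds in discovery to the set of accepted issuers; if that document were served under the internal name while tokens carried the public one, the two views would disagree and the InvalidIssuer failure in the second answer would reappear.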