My configuration has 3 sites: Identity Server (Idp), Windows Authentication host and my end-user client site. On the client site, I request a controller decorated with [Authorize]
and Identity Server kicks in.
The windows host at port 44305 is apparently throwing an exception and the identity server is receiving a status 500. I can access the windows host site URL without any problem. I get back an XML document
How do I debug and find out what that exception or error is that is stopping this authentication process? I get a 3 part exception with the inner most as the following
InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44305/'.
Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext() in ConfigurationManager.cs
The Windows Host OWIN startup is using UseWindowsAuthenticationService
The Identity Server OWIN is using AuthenticationOptions = WsFederationAuthenticationOptions
var wsFederationOptions = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44305/",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederationOptions);
}
Here are the requests and responses
Request URL:https://localhost:44315/
Request Method:GET
Status Code:302 Found
Response:Location:https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...
Request: https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...
Request Method:GET
Status Code:302 Found
Location:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b
Request URL:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b
Request Method:GET
Status Code:500 Internal Server Error
I have no visible SSL issues. With my browser, I can open all the pages from the different sites without any warning. I add my localhost IIS Express cert to the Trusted Root Cert.
I had the same problem - it seems that the SSL cert was untrusted. To resolve this I moved the "localhost" IIS Express Cert from the Personal CertStore to the Trusted Root Certification Authorities and the issue was gone.
I had this problem, and needed to trust the certificate as per Robert Muehsig answer.
But this on its own wasn't enough. I'm using Bearer Token Authentication. A bit of further digging revealed that I needed to set the DelayLoadMetadata flag to true.
So in my Web API startup:
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
DelayLoadMetadata=true
});
After this and the certificate trust change it started working. I know this isn't the same config as the original problem, but during my searching I kept coming across this post so thought I'd put this here for anyone else who stumbles across it...
From my memory, this error is thrown mostly due to the certificate trust / network access issue. Since you are running all the components in local host, it is definitely not a network issue. I assume you are running from VS Dev environment.
Couple of things:
Also, Assign permissions to read the certificate as described here https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates
If you still face this issue, try monitoring the traffic via Wireshark (Fiddler won't work in this case )
For testing purposes, I added the below block as the first piece of middleware in my pipeline. This will actually log the exception whenever one occurs. This lead me to see that my 500 actually was a 401.
appBuilder.Use(async (context, next) =>
{
try
{
await next();
}
catch(Exception ex)
{
Log.Error(ex, "OWIN error.");
}
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With