Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

"InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'"

I've deployed my API and Client app on Docker, but for the life of me, the web app cannot call the API, I keep getting an exception.

I added the following line suggested in other posts, but it did not work.

IdentityModelEventSource.ShowPII = true;

Exception:

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
like image 354
Jane Senya Avatar asked Jan 30 '19 07:01

Jane Senya


4 Answers

We need to enable viewing of PII logs so we can see more details about the error: Add the following line in ConfigureServices() to Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    IdentityModelEventSource.ShowPII = true; //Add this line
    ....
like image 89
Mentor Avatar answered Nov 16 '22 20:11

Mentor


In my case, this happened while I was developing identity prototype with Identity Server on localhost environment and my authority was configured incorrectly.

I was following an example from Identity Server 4, the issue was that the Quick start example of the Identity Server 4 contain 3 projects:

  • Identity Server. with endpoint => https://localhost:5001
  • Api (called Resource Api or Consumer Api).
  • Client.

In the example that was provided, the Identity Server was set to https with endpoint https://localhost:5001. But the Authority was in Consumer Api was set to http://localhost:5000.

So when client try to connect to Consumer Api, it gets the http://localhost:5000 address and try to look at http://localhost:5000/.well-known/openid-configuration and this does not exist. It exist only on https://localhost:5001/.well-known/openid-configuration.

So far so good.

The solution is to ensure you are using the same endpoint of the identity server on your consumer authority:

options.Authority = "https://localhost:5001";
like image 28
Maytham Avatar answered Nov 16 '22 22:11

Maytham


If anyone is experiencing this during development, I was able to solve this by clearing my developer certs then recreating them.

dotnet dev-certs https --clean
dotnet dev-certs https --trust
like image 19
Jason White Avatar answered Nov 16 '22 21:11

Jason White


Enabling TLS 1.2 solved the issue

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
like image 12
Aypn Avatar answered Nov 16 '22 20:11

Aypn