Duende.IdentityServer.Admin
Problems configuring external provider such as Azure AD
Detail of the execution environment
I'm using the images generated in DockerHub.
I've set up my proper values.
I run docker-compose up -d to start my execution.
It works properly!
But now I want to use Azure AD as an external provider (my intention is that my users, configured on my IDS, can use their own Azure AD accounts in order to log in).
Configuration sample
In my docker-compose.yaml I've changed the proper values (I think the relevant section is skoruba-duende-identityserver-sts-identity and the ExternalProvidersConfiguration values, but I include my whole file).
I have omitted sensitive sections, as well as values with private information (those with XXX as value).
version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx
    ports:
      - '443:443'
    environment:
      - VIRTUAL_PORT=443
      - VIRTUAL_PROTO=https
      - DEFAULT_HOST=sts.mydomain.com
    networks:
      proxy: null
      identityserverui:
        aliases:
          - sts.mydomain.com
          - admin.mydomain.es
          - admin-api.mydomain.es
    restart: always
  ids.admin:
    image: skoruba/duende-identityserver-admin:1.2.0
    container_name: skoruba-duende-identityserver-admin
    environment:
      - VIRTUAL_HOST=admin.mydomain.es
      - VIRTUAL_PORT=443
      - VIRTUAL_PROTO=https
      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.mydomain.es'
      - 'AdminConfiguration__IdentityAdminRedirectUri=https://admin.mydomain.es/signin-oidc'
      - 'AdminConfiguration__IdentityServerBaseUrl=https://sts.mydomain.com'
      - 'AdminConfiguration__ClientId=XXX'
      - 'AdminConfiguration__ClientSecret=XXX'
      - 'AdminConfiguration__OidcResponseType=code'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Production
      - 'ASPNETCORE_URLS=https://+:443'
    command: dotnet Skoruba.Duende.IdentityServer.Admin.dll /seed
    depends_on:
      - db
      - gtmotive.issidentityserver6.sts.identity
    volumes:
      XXX
    networks:
      identityserverui: null
  ids.admin.api:
    image: skoruba/duende-identityserver-admin-api:1.2.0
    container_name: skoruba-duende-identityserver-admin-api
    environment:
      - VIRTUAL_HOST=admin-api.mydomain.es
      - VIRTUAL_PORT=443
      - VIRTUAL_PROTO=https
      - AdminApiConfiguration__RequireHttpsMetadata=true
      - 'AdminApiConfiguration__ApiBaseUrl=https://admin-api.mydomain.es'
      - 'AdminApiConfiguration__IdentityServerBaseUrl=https://sts.mydomain.com'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Production
      - 'ASPNETCORE_URLS=https://+:443'
    networks:
      identityserverui: null
  ids.sts:
    image: skoruba/duende-identityserver-sts-identity:1.2.0
    container_name: skoruba-duende-identityserver-sts-identity
    environment:
      - VIRTUAL_HOST=sts.mydomain.com
      - VIRTUAL_PORT=443
      - VIRTUAL_PROTO=https
      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.mydomain.es'
      - 'AdvancedConfiguration__IssuerUri=https://sts.mydomain.com'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Production
      - 'ASPNETCORE_URLS=https://+:443'
      - 'ExternalProvidersConfiguration__UseAzureAdProvider=true'
      - 'ExternalProvidersConfiguration__AzureAdClientId=XXX'
      - 'ExternalProvidersConfiguration__AzureAdTenantId=XXX'
      - 'ExternalProvidersConfiguration__AzureInstance=XXX'
      - 'ExternalProvidersConfiguration__AzureAdSecret=XXX'
      - 'ExternalProvidersConfiguration__AzureAdCallbackPath=https://sts.mydomain.com/signin-microsoft'
      - 'ExternalProvidersConfiguration__AzureDomain=mydomain.com'
    depends_on:
      - db
    networks:
      identityserverui:
        aliases:
          - sts.mydomain.com
  db:
    XXX
    networks:
      identityserverui: null
volumes:
  dbdata:
    driver: local
networks:
  proxy:
    driver: bridge
  identityserverui:
    driver: bridge
Relevant parts of the log file
This is my problem
skoruba-duende-identityserver-sts-identity | [2023-09-22T10:40:26.1227397+00:00][EROR][9][Microsoft.AspNetCore.Server.Kestrel] Connection id ""0HMTRB1AEDB4Q"", Request id ""0HMTRB1AEDB4Q:00000002"": An unhandled exception was thrown by the application.
skoruba-duende-identityserver-sts-identity | System.ArgumentException: The path in 'value' must start with '/'. (Parameter 'value')
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Http.PathString..ctor(String value)
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Http.PathString.FromUriComponent(String uriComponent)
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Http.PathString.op_Implicit(String s)
skoruba-duende-identityserver-sts-identity | at Skoruba.Duende.IdentityServer.STS.Identity.Helpers.StartupHelpers.<>c__DisplayClass8_0.<AddExternalProviders>b__1(MicrosoftIdentityOptions options) in /src/src/Skoruba.Duende.IdentityServer.STS.Identity/Helpers/StartupHelpers.cs:line 422
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String name, TOptions options)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass10_0.<Get>b__0()
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.CreateValue()
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
skoruba-duende-identityserver-sts-identity | at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.<>c__DisplayClass5_0.<AddMicrosoftIdentityWebAppInternal>b__3(OpenIdConnectOptions options, IServiceProvider serviceProvider, IOptionsMonitor`1 mergedOptionsMonitor, IOptionsMonitor`1 msIdOptionsMonitor, IOptions`1 msIdOptions)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.ConfigureNamedOptions`5.Configure(String name, TOptions options)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass10_0.<Get>b__0()
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
skoruba-duende-identityserver-sts-identity | at System.Lazy`1.CreateValue()
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
skoruba-duende-identityserver-sts-identity | at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
skoruba-duende-identityserver-sts-identity | at Duende.IdentityServer.Hosting.FederatedSignOut.FederatedSignoutAuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme) in /_/src/IdentityServer/Hosting/FederatedSignOut/FederatedSignoutAuthenticationHandlerProvider.cs:line 33
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
skoruba-duende-identityserver-sts-identity | at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 47
skoruba-duende-identityserver-sts-identity | at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27
skoruba-duende-identityserver-sts-identity | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
My question is
What am I doing wrong?
I'm running out of ideas... I suppose it is something related to AzureAdCallbackPath.
Any thoughts?
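An added example, not part of the original issue or of the project's code: a pre-deployment check over compose environment entries like the ones above. It assumes that keys ending in CallbackPath are bound to the ASP.NET Core CallbackPath option, a PathString whose constructor (the frame at the top of the stack trace) rejects a non-empty value that does not start with '/'; the function names and the sample snippet are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: environment entries in the style of the compose file above.
SAMPLE_ENV = """\
      - 'ExternalProvidersConfiguration__UseAzureAdProvider=true'
      - 'ExternalProvidersConfiguration__AzureAdCallbackPath=https://sts.mydomain.com/signin-microsoft'
      - 'AdminConfiguration__IdentityAdminRedirectUri=https://admin.mydomain.es/signin-oidc'
"""

# Matches "- KEY=VALUE" list items, with or without surrounding quotes.
ENTRY = re.compile(r"""^\s*-\s*(['"]?)(?P<key>[A-Za-z0-9_]+)=(?P<value>.*?)\1\s*$""")


def parse_env(text):
    """Return {key: value} for every '- KEY=VALUE' line in a compose snippet."""
    env = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            env[m.group("key")] = m.group("value")
    return env


def check_callback_paths(env):
    """Flag *CallbackPath settings that are not app-relative paths.

    Assumption: keys ending in 'CallbackPath' feed a PathString, which
    accepts an empty value or one that starts with '/', and nothing else.
    """
    findings = []
    for key, value in env.items():
        if not key.endswith("CallbackPath") or value == "" or value.startswith("/"):
            continue
        parts = urlsplit(value)
        # For an absolute URL the path component is the likely intended value;
        # the full URL is what gets registered as a redirect URI at the provider.
        suggestion = parts.path if parts.scheme and parts.netloc and parts.path else None
        findings.append((key, value, suggestion))
    return findings


if __name__ == "__main__":
    for key, value, suggestion in check_callback_paths(parse_env(SAMPLE_ENV)):
        print(f"{key}: {value!r} does not start with '/'; suggested: {suggestion!r}")
```

Settings such as IdentityAdminRedirectUri are deliberately not flagged, since a redirect URI is a full URL while a callback path is only the path portion of it.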