Upon login keeps redirecting back to login page.
I just downloaded this. Ran migrations and seeddata and then ran both projects. But when I log in using the existing username and password stored within Identity.Users.cs, it keeps redirecting me back to the login page. I downloaded it and ran the migrations as well as the seeddata. This is the returnUrl:
"/connect/authorize/callback?client_id=skoruba_identity_admin&redirect_uri=http%3A%2F%2Flocalhost%3A9000%2Fsignin-oidc&response_type=id_token&scope=openid%20profile%20email%20roles&response_mode=form_post&nonce=636862813423997478.NDA0MmRkYzQtODdiMC00NWYzLTk0MGUtZTI5NDkzNjMyOTcyZjVhNWI2OWEtYjc5OC00OGJhLTk0OWYtMzY4MzE3MmE1Mjg2&state=CfDJ8DaiEcgA_YNIijFvat1kQrzHyDUpK0JXm-wTSG4MyrmgBP_rqyL6UpKmJ_vnu0boipJgILPRnS6hMaCWxnc9DR2EPtcJLgdNPNdgyWQRwXDS6CgCiMGJmJb74wC2-rKLzf-ny7_IwXdl-FTccTqkNQLpj--6G8NPAXO8UOYLbflkJrkNkH0Du4dDwKHZJmIPzjWa402F1ecyszJ1T4MqFyKhP0ZtWeSwlo6pG03IjVFWBOzp4JDaXKl7ieuMllZQtn56I4iPgnLhxviE6JiJ2Mk8vqVYQAbWZfB5qE82LWCWi8Bde3P8WonMcQ-2w2315g&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0"
Originally posted by @MaryadaPurshottam in https://github.com/skoruba/IdentityServer4.Admin/issues/44#issuecomment-465685742
Can you hit breakpoint here: https://github.com/skoruba/IdentityServer4.Admin/blob/master/src/Skoruba.IdentityServer4.STS.Identity/Quickstart/Account/AccountController.cs#L109
- is result.Succeeded?
Please, send more details. Thank you.
Yep, result.Succeeded comes out true. It then proceeds to line 124 to redirect to the above URL, which shows the login page once again.
Weird! This time it worked... I've been debugging this since the morning and really weird that it just started working.
Can you please check the log - located in Skoruba.IdentityServer4.STS.Identity\Log\ - any errors?
Were you redirected back to login to log in again, or was it a redirect loop?
It was redirecting me back to login page to login again.
BTW: Are you using latest master or dev branch?
This is probably issue with some cookies not being properly cleaned up. If you encounter this issue again please check what cookies you have present before logging in. I've encountered the same issue but unfortunately wasn't able to reproduce it reliably.
BTW: Are you using latest master or dev branch?
Master
Can you reproduce the steps for the issue reliably? That would be very helpful for us to hunt down this issue.
Can you reproduce the steps for the issue reliably? That would be very helpful for us to hunt down this issue.
I can't reproduce it.
Any new info about this topic? I have the same problem. Clearing cookies and other actions didn't help. No errors found in the log file. What information can I give you to advance on this issue?
We noticed that if we tried to run the application over https and switched back to http, there was a problem with the cookie.
@zerobig were you stuck in a redirect loop by chance?
I found the problem and was able to work out a solution for customers. The direction was really related to cookies and this is evidenced by many issues in IdentityServer4 repository. How to solve it automatically I have no idea. But if you clear cookies through the browser snap-in for the site as a whole, the project goes out of an infinite loop account/login. For Chrome it will be Settings - Advanced - Content Settings - Cookies - select cookies for site, and delete it. Deleting cookies through developer tools and browser extensions did not solve this problem. I hope my information will improve the product. But for now I have to be. Waiting for release.
I've the same issue when I delete cookies and it works!
@zerobig @skoruba @xmichaelx
I had this issue with both login and logout. When using IdentityServer4 and ASP.NET Identity together.
This happens as you already mentioned when running app over https and switch back to http. And in some load balancing, SSL termination and other reverse proxy setups.
The actual problem was the cookie authentication scheme. MVC Core uses its own default cookie authentication scheme (CookieAuthenticationDefaults.AuthenticationScheme). ASP.NET Identity uses the same default MVC authentication scheme.
And IdentityServer uses its own (IdentityServerConstants.DefaultCookieAuthenticationScheme). Also look at the default sign out scheme on IdentityServerConstants ;)
Sometimes these two clash. Why? No idea.
- MVC sends 302 redirect.
- You get redirected
- IdentityServer middleware just passes request (should break with exception though) because your application (admin ui) is not "idsvr" cookie authenticated.
- MVC handles incoming route and shows login page.
Same as when client not authorized.
I'm creating pull request now which fixed this issue for good.
When a user logs out, IdentityServer should clean up all cookies including its own "idsvr" cookies. They are not HTTPS only, and sometimes a short circuit happens. By clearing everything out on logout you ensure these login redirects will never happen in the future.
I also have the same problem: it does not work in Chrome when logging in, but works well in IE.
Hi, I have the same problem in Chrome. In other browsers (Edge Chromium, Firefox) it runs OK. I think the problem is related to cookies, but I've deleted them with chrome://settings/clearBrowserData and it still does not run.
This is my log when logging in with the Edge Chromium browser. Runs OK!
2020-03-24 10:48:19.762 +07:00 [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
2020-03-24 10:48:22.151 +07:00 [DBG] Start authorize request protocol validation
2020-03-24 10:48:22.174 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.174 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.174 +07:00 [DBG] Checking for PKCE parameters
2020-03-24 10:48:22.174 +07:00 [DBG] No PKCE used.
2020-03-24 10:48:22.175 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.177 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.178 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.179 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.179 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2020-03-24 10:48:22.221 +07:00 [DBG] Augmenting SignInContext
2020-03-24 10:48:22.221 +07:00 [DBG] Adding idp claim with value: local
2020-03-24 10:48:22.221 +07:00 [DBG] Adding auth_time claim with value: 1585021702
2020-03-24 10:48:22.222 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.
2020-03-24 10:48:22.222 +07:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","DisplayName":"admin","Endpoint":"UI","ClientId":null,"Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"800000c5-0002-ee00-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"UserLoginSuccessEvent"}
2020-03-24 10:48:22.235 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.235 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.241 +07:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
2020-03-24 10:48:22.242 +07:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2020-03-24 10:48:22.242 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
2020-03-24 10:48:22.242 +07:00 [DBG] Start authorize callback request
2020-03-24 10:48:22.242 +07:00 [DBG] User in authorize request: 185666ac-7dd1-42da-adb7-27146868e276
2020-03-24 10:48:22.242 +07:00 [DBG] Start authorize request protocol validation
2020-03-24 10:48:22.258 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.258 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.258 +07:00 [DBG] Checking for PKCE parameters
2020-03-24 10:48:22.258 +07:00 [DBG] No PKCE used.
2020-03-24 10:48:22.260 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.261 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.263 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.265 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.265 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2020-03-24 10:48:22.265 +07:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","AllowedRedirectUris":["http://localhost:9000/signin-oidc"],"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"openid profile email roles","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","UiLocales":null,"Nonce":"637206184461647273.MTJjYTgzZTYtNjkxMi00NjViLTlmZGYtNzNhZGU5MWZhYmZiN2M4NmVkNGYtNDRjMi00YWMyLWE3YTctMGIwNTI1ODIyNWFi","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"T9QERnyb8Lgu6leHZK6Ucg","Raw":{"client_id":"MyClientId","redirect_uri":"http://localhost:9000/signin-oidc","response_type":"code id_token","scope":"openid profile email roles","response_mode":"form_post","nonce":"637206184461647273.MTJjYTgzZTYtNjkxMi00NjViLTlmZGYtNzNhZGU5MWZhYmZiN2M4NmVkNGYtNDRjMi00YWMyLWE3YTctMGIwNTI1ODIyNWFi","state":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.5.0.0"},"$type":"AuthorizeRequestValidationLog"}
2020-03-24 10:48:22.268 +07:00 [DBG] jGrSOkbB40Xu+u4xTkFRpf81K+vY/Loyk7REmk3y5mA= found in database: true
2020-03-24 10:48:22.269 +07:00 [DBG] Consent found in consent store is same as current request, consent is not required
2020-03-24 10:48:22.269 +07:00 [DBG] Creating Hybrid Flow response.
2020-03-24 10:48:22.272 +07:00 [DBG] NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= not found in database
2020-03-24 10:48:22.275 +07:00 [DBG] Creating Implicit Flow response.
2020-03-24 10:48:22.275 +07:00 [DBG] Getting claims for identity token for subject: 185666ac-7dd1-42da-adb7-27146868e276 and client: MyClientId
2020-03-24 10:48:22.276 +07:00 [DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
2020-03-24 10:48:22.278 +07:00 [INF] {"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","Endpoint":"Authorize","SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","Scopes":"openid profile email roles","GrantType":"hybrid","Tokens":[{"TokenType":"id_token","TokenValue":"****lFXA","$type":"Token"},{"TokenType":"code","TokenValue":"****fJb8","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"800000c6-0002-ee00-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"TokenIssuedSuccessEvent"}
2020-03-24 10:48:22.278 +07:00 [DBG] Authorize endpoint response
{"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","ClientId":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","Scope":"openid profile email roles","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"}
2020-03-24 10:48:22.279 +07:00 [DBG] Augmenting SignInContext
2020-03-24 10:48:22.279 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.
2020-03-24 10:48:22.380 +07:00 [DBG] Request path /connect/token matched to endpoint type Token
2020-03-24 10:48:22.391 +07:00 [DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
2020-03-24 10:48:22.391 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
2020-03-24 10:48:22.393 +07:00 [DBG] Start token request.
2020-03-24 10:48:22.393 +07:00 [DBG] Start client validation
2020-03-24 10:48:22.393 +07:00 [DBG] Start parsing Basic Authentication secret
2020-03-24 10:48:22.393 +07:00 [DBG] Start parsing for secret in post body
2020-03-24 10:48:22.393 +07:00 [DBG] Parser found secret: PostBodySecretParser
2020-03-24 10:48:22.393 +07:00 [DBG] Secret id found: MyClientId
2020-03-24 10:48:22.403 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.404 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.404 +07:00 [DBG] Secret validator success: HashedSharedSecretValidator
2020-03-24 10:48:22.404 +07:00 [DBG] Client validation success
2020-03-24 10:48:22.404 +07:00 [INF] {"ClientId":"MyClientId","AuthenticationMethod":"SharedSecret","Category":"Authentication","Name":"Client Authentication Success","EventType":"Success","Id":1010,"Message":null,"ActivityId":"80000042-0002-e100-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"ClientAuthenticationSuccessEvent"}
2020-03-24 10:48:22.404 +07:00 [DBG] Start token request validation
2020-03-24 10:48:22.404 +07:00 [DBG] Start validation of authorization code token request
2020-03-24 10:48:22.405 +07:00 [DBG] NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= found in database: true
2020-03-24 10:48:22.407 +07:00 [DBG] removing NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= persisted grant from database
2020-03-24 10:48:22.411 +07:00 [DBG] Validation of authorization code token request success
2020-03-24 10:48:22.411 +07:00 [INF] Token request validation success, {"ClientId":"MyClientId","ClientName":"MyClientId","GrantType":"authorization_code","Scopes":null,"AuthorizationCode":"8azvEk7Eh1UxI68qcgLzSFGlE-bP7yyO4zIU9XAfJb8","RefreshToken":null,"UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"client_id":"MyClientId","client_secret":"***REDACTED***","code":"8azvEk7Eh1UxI68qcgLzSFGlE-bP7yyO4zIU9XAfJb8","grant_type":"authorization_code","redirect_uri":"http://localhost:9000/signin-oidc"},"$type":"TokenRequestValidationLog"}
2020-03-24 10:48:22.422 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.422 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.424 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.426 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.426 +07:00 [DBG] Getting claims for access token for client: MyClientId
2020-03-24 10:48:22.426 +07:00 [DBG] Getting claims for access token for subject: 185666ac-7dd1-42da-adb7-27146868e276
2020-03-24 10:48:22.444 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.444 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.446 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.447 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:48:22.447 +07:00 [DBG] Getting claims for identity token for subject: 185666ac-7dd1-42da-adb7-27146868e276 and client: MyClientId
2020-03-24 10:48:22.447 +07:00 [DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
2020-03-24 10:48:22.449 +07:00 [INF] {"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":null,"Endpoint":"Token","SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","Scopes":"openid profile email roles","GrantType":"authorization_code","Tokens":[{"TokenType":"id_token","TokenValue":"****KA5g","$type":"Token"},{"TokenType":"access_token","TokenValue":"****8KZQ","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"80000042-0002-e100-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"TokenIssuedSuccessEvent"}
2020-03-24 10:48:22.449 +07:00 [DBG] Token request success.
2020-03-24 10:48:22.459 +07:00 [DBG] Request path /connect/userinfo matched to endpoint type Userinfo
2020-03-24 10:48:22.461 +07:00 [DBG] Endpoint enabled: Userinfo, successfully created handler: IdentityServer4.Endpoints.UserInfoEndpoint
2020-03-24 10:48:22.461 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.UserInfoEndpoint for /connect/userinfo
2020-03-24 10:48:22.461 +07:00 [DBG] Start userinfo request
2020-03-24 10:48:22.461 +07:00 [DBG] Bearer token found in header
2020-03-24 10:48:22.473 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.474 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.482 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:48:22.482 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:48:22.484 +07:00 [DBG] Calling into custom token validator: IdentityServer4.Validation.DefaultCustomTokenValidator
2020-03-24 10:48:22.484 +07:00 [DBG] Token validation success
{"ClientId":null,"ClientName":null,"ValidateLifetime":true,"AccessTokenType":"Jwt","ExpectedScope":"openid","TokenHandle":null,"JwtId":null,"Claims":{"nbf":1585021702,"exp":1585025302,"iss":"http://192.168.19.146:5000","client_id":"MyClientId","sub":"185666ac-7dd1-42da-adb7-27146868e276","auth_time":1585021702,"idp":"local","scope":["roles","openid","profile","email"],"amr":"pwd"},"$type":"TokenValidationLog"}
2020-03-24 10:48:22.485 +07:00 [DBG] Creating userinfo response
2020-03-24 10:48:22.485 +07:00 [DBG] Scopes in access token: roles openid profile email
2020-03-24 10:48:22.485 +07:00 [DBG] Scopes in access token: roles openid profile email
2020-03-24 10:48:22.487 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.487 +07:00 [DBG] Requested claim types: role sub updated_at locale zoneinfo birthdate gender website picture preferred_username nickname middle_name given_name family_name name profile email email_verified
2020-03-24 10:48:22.487 +07:00 [DBG] Scopes in access token: roles openid profile email
2020-03-24 10:48:22.489 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:48:22.494 +07:00 [INF] Profile service returned the following claim types: sub name nickname role preferred_username email email_verified
2020-03-24 10:48:22.494 +07:00 [DBG] End userinfo request
This is my log when logging in with the Chrome browser. Does not run OK!
2020-03-24 10:49:06.461 +07:00 [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
2020-03-24 10:49:08.602 +07:00 [DBG] Start authorize request protocol validation
2020-03-24 10:49:08.646 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:49:08.646 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:49:08.646 +07:00 [DBG] Checking for PKCE parameters
2020-03-24 10:49:08.646 +07:00 [DBG] No PKCE used.
2020-03-24 10:49:08.647 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:08.649 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:08.651 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:08.652 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:08.652 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2020-03-24 10:49:08.672 +07:00 [DBG] Augmenting SignInContext
2020-03-24 10:49:08.672 +07:00 [DBG] Adding idp claim with value: local
2020-03-24 10:49:08.672 +07:00 [DBG] Adding auth_time claim with value: 1585021748
2020-03-24 10:49:08.673 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.
2020-03-24 10:49:08.673 +07:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","DisplayName":"admin","Endpoint":"UI","ClientId":null,"Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"8000001a-0000-d400-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:49:08.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"UserLoginSuccessEvent"}
2020-03-24 10:49:08.682 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:49:08.682 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:49:08.687 +07:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
2020-03-24 10:49:08.688 +07:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2020-03-24 10:49:08.688 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
2020-03-24 10:49:08.688 +07:00 [DBG] Start authorize callback request
2020-03-24 10:49:08.688 +07:00 [DBG] No user present in authorize request
2020-03-24 10:49:08.688 +07:00 [DBG] Start authorize request protocol validation
2020-03-24 10:49:08.699 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:49:08.699 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:49:08.699 +07:00 [DBG] Checking for PKCE parameters
2020-03-24 10:49:08.699 +07:00 [DBG] No PKCE used.
2020-03-24 10:49:08.701 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:08.704 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:08.707 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:08.709 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:08.709 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2020-03-24 10:49:08.709 +07:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","AllowedRedirectUris":["http://localhost:9000/signin-oidc"],"SubjectId":"anonymous","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"openid profile email roles","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHLr8BPnZdisEPI6Hh7gpkp_ruR9jIZwH4v1-q9bxEW81AoWa_ICazmk2zBLbZE-s-86YVCH6DU_Px9YzvM3K384VnKt6FhlsHTtOYG2mNMrGUrmHsLGr7wsANJ0XqXYePb8CsCbLS4NBXwyYSAM26hxAGoOO2yBk0ilncqDBwjwpZ3NR99L-0EURpXZpXEPR5PvaZ2h7e-GlDVQypk4V5UoyGqi48o3-xp6HPUeppIJuHtQCjHD1wW5FajAgytakD1XBhiY9f8SXOSg3s0zBz7t","UiLocales":null,"Nonce":"637206181012200489.ODZmYjU3MzMtY2U4Mi00ZDM1LWE3MWQtZTE4ZWNmNmMxZGY0ODQ5YzExYzctOWZjOS00YzAyLTg5YWEtYjk1MDA3ZTkzNzY3","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"","Raw":{"client_id":"MyClientId","redirect_uri":"http://localhost:9000/signin-oidc","response_type":"code id_token","scope":"openid profile email roles","response_mode":"form_post","nonce":"637206181012200489.ODZmYjU3MzMtY2U4Mi00ZDM1LWE3MWQtZTE4ZWNmNmMxZGY0ODQ5YzExYzctOWZjOS00YzAyLTg5YWEtYjk1MDA3ZTkzNzY3","state":"CfDJ8L-aL-rVv9BEivLiZ72cvHLr8BPnZdisEPI6Hh7gpkp_ruR9jIZwH4v1-q9bxEW81AoWa_ICazmk2zBLbZE-s-86YVCH6DU_Px9YzvM3K384VnKt6FhlsHTtOYG2mNMrGUrmHsLGr7wsANJ0XqXYePb8CsCbLS4NBXwyYSAM26hxAGoOO2yBk0ilncqDBwjwpZ3NR99L-0EURpXZpXEPR5PvaZ2h7e-GlDVQypk4V5UoyGqi48o3-xp6HPUeppIJuHtQCjHD1wW5FajAgytakD1XBhiY9f8SXOSg3s0zBz7t","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.5.0.0"},"$type":"AuthorizeRequestValidationLog"}
2020-03-24 10:49:08.709 +07:00 [INF] Showing login: User is not authenticated
2020-03-24 10:49:09.445 +07:00 [DBG] Start authorize request protocol validation
2020-03-24 10:49:09.479 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:49:09.479 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
2020-03-24 10:49:09.479 +07:00 [DBG] Checking for PKCE parameters
2020-03-24 10:49:09.479 +07:00 [DBG] No PKCE used.
2020-03-24 10:49:09.481 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:09.483 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:09.484 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database
2020-03-24 10:49:09.488 +07:00 [DBG] Found [] API scopes in database
2020-03-24 10:49:09.489 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2020-03-24 10:49:09.501 +07:00 [DBG] MyClientId found in database: true
2020-03-24 10:49:09.501 +07:00 [DBG] client configuration validation for client MyClientId succeeded.
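The two logs above diverge at one point: right after `Identity.Application signed in`, the Edge run logs `User in authorize request: ...` while the Chrome run logs `No user present in authorize request`, i.e. the sign-in cookie did not come back on the next request. The script below is an added example (not part of the thread or the project) that flags that pattern in an STS log; the function names and the 5-second window are assumptions, and it assumes a single-user development log because it does not correlate requests by user.

```python
import re
from datetime import datetime, timedelta

# Serilog-style prefix used by the logs in this thread:
# "2020-03-24 10:49:08.688 +07:00 [DBG] message"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) [+-]\d{2}:\d{2} \[(\w{3})\] (.*)$"
)

SIGNED_IN = "AuthenticationScheme: Identity.Application signed in."
USER_PRESENT = "User in authorize request:"
NO_USER = "No user present in authorize request"


def parse(lines):
    """Yield (timestamp, message); lines without a timestamp (JSON payloads) are skipped."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(3)


def find_lost_sessions(lines, window_seconds=5.0):
    """Return one finding per sign-in that is followed by an anonymous authorize callback."""
    findings = []
    last_sign_in = None
    for ts, msg in parse(lines):
        if msg == SIGNED_IN:
            last_sign_in = ts
        elif msg.startswith(USER_PRESENT):
            last_sign_in = None  # cookie was sent back, the login completed
        elif msg == NO_USER and last_sign_in is not None:
            gap = ts - last_sign_in
            if timedelta(0) <= gap <= timedelta(seconds=window_seconds):
                findings.append({
                    "signed_in": last_sign_in,
                    "callback": ts,
                    "gap_ms": gap // timedelta(milliseconds=1),
                })
            last_sign_in = None
    return findings


# Sample input: lines taken from the two logs above, trimmed to the relevant messages.
EDGE_LOG = [
    "2020-03-24 10:48:22.222 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.",
    "2020-03-24 10:48:22.242 +07:00 [DBG] Start authorize callback request",
    "2020-03-24 10:48:22.242 +07:00 [DBG] User in authorize request: 185666ac-7dd1-42da-adb7-27146868e276",
    "2020-03-24 10:48:22.279 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.",
    "2020-03-24 10:48:22.380 +07:00 [DBG] Request path /connect/token matched to endpoint type Token",
]

CHROME_LOG = [
    "2020-03-24 10:49:08.673 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.",
    "2020-03-24 10:49:08.688 +07:00 [DBG] Start authorize callback request",
    "2020-03-24 10:49:08.688 +07:00 [DBG] No user present in authorize request",
    "2020-03-24 10:49:08.709 +07:00 [DBG] ValidatedAuthorizeRequest",
    '{"ClientId":"MyClientId","SubjectId":"anonymous"}',  # JSON payload, trimmed
    "2020-03-24 10:49:08.709 +07:00 [INF] Showing login: User is not authenticated",
]

if __name__ == "__main__":
    for name, log in (("edge", EDGE_LOG), ("chrome", CHROME_LOG)):
        hits = find_lost_sessions(log)
        print(name, "lost sessions:", len(hits))
        for h in hits:
            print("  signed in", h["signed_in"].time(), "-> anonymous callback after", h["gap_ms"], "ms")
```

A hit means the server issued the sign-in cookie but the browser did not send it back, which points at cookie attributes (Secure, SameSite) rather than at credentials or client configuration.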
It worked on my machine by setting app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Lax });
I also have the same problem. If using https everything is fine, but using http, login redirects back to the login page!
For sure, https is required. 😊
I stumbled upon this issue when trying to create docker containers meant for developer use. We have a number of applications using IS4 and microservices using the issued tokens.
On production environments we use https with no issue. But the production certificates can't be used in dev, and getting the containers to talk to each other over https with self signed certificates was getting complicated.
So I built the containers to use only http and I got this back-to-log-in-page problem.
Cleaning the cookies manually in the browser works with Firefox, and since http is meant for dev only we are ok with this. The problem is Chrome still refuses to work even with a clean slate.
To get Chrome to play ball, adding the line of code suggested by @chinaq app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Lax }); helps but then we get an error on the client. To fix this I had to add configurations to the cookie like this:
    services.AddAuthentication(options =>
    {
        // Local cookie scheme for the session, OIDC scheme for the challenge
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies", options =>
    {
        options.Cookie.Name = "appcookie";
        options.Cookie.SameSite = SameSiteMode.Strict;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOpenIdConnect("oidc", options =>
    {
        // Correlation and nonce cookies are always marked Secure
        options.CorrelationCookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
        options.NonceCookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
        //...
    });