Unable to obtain configuration from: '/.well-known/openid-configuration' when hosted on IIS
Hi
I use these versions:
- OpenIddict 2.0.0-rc2-final
- OpenIddict.EntityFrameworkCore 2.0.0-rc2-final
- OpenIddict.Mvc 2.0.0-rc2-final

with the following configuration:
```csharp
services.AddOpenIddict(options =>
{
    // Register the Entity Framework stores.
    options.AddEntityFrameworkCoreStores<AuthContext>();
    options.AddMvcBinders();

    // Enable the token endpoint (required to use the password flow).
    options.EnableTokenEndpoint("/api/authorization/token")
           .EnableLogoutEndpoint("/api/authorization/logout");

    options.AllowPasswordFlow()
           .AllowRefreshTokenFlow()
           .SetAccessTokenLifetime(TimeSpan.FromHours(2))
           .SetRefreshTokenLifetime(TimeSpan.FromDays(180));

    options.DisableHttpsRequirement();
    options.AddSigningCertificate(cert);
    options.UseJsonWebTokens();
});

// Configure JWT access token authentication
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

services
    .AddAuthentication(o =>
    {
        o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        options.Authority = configuration["JwtConfiguration:Authority"]?.ToString();
        options.Audience = "resource_server";
        options.MetadataAddress = "/.well-known/openid-configuration";
        options.RequireHttpsMetadata = false;
        options.IncludeErrorDetails = true;
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            NameClaimType = OpenIdConnectConstants.Claims.Subject,
            RoleClaimType = OpenIdConnectConstants.Claims.Role,
        };
    });
```
OpenIddict is included in my API, also my SpaClient runs inside this single Application. If I run this in my Visual Studio with IISExpress everything works fine. But on my Test Server I have this error:
```
System.InvalidOperationException: IDX10803: Unable to obtain configuration from: '/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX10804: Unable to retrieve document from: '/.well-known/openid-configuration'.
 ---> System.InvalidOperationException: An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set.
```
I tried different configurations for the MetadataAddress but nothing works. Locally and on the server I can open the endpoint "/.well-known/openid-configuration" without any problem.
I also tried to remove the IP binding from the website as described here: https://github.com/openiddict/openiddict-core/issues/509 sadly with no success.
Any idea what is wrong? After 2 days of trial and error on this single problem I have run out of ideas…
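Added example, not part of the original issue and not OpenIddict or ASP.NET Core code: a startup check that works out which discovery URL the JWT bearer options point at and rejects the relative form named in the innermost exception above. `MetadataPreflight`, `Resolve` and the `auth.example.test` host are hypothetical; appending `.well-known/openid-configuration` to `Authority` when `MetadataAddress` is empty mirrors the JWT bearer handler's default.

```csharp
using System;

// Hypothetical helper: fail at startup, not on the first authenticated request,
// when the discovery document URL cannot be fetched as configured.
public static class MetadataPreflight
{
    private const string DiscoveryPath = ".well-known/openid-configuration";

    public static Uri Resolve(string authority, string metadataAddress, bool requireHttps)
    {
        // With no explicit MetadataAddress, the address is derived from Authority.
        var candidate = metadataAddress;
        if (string.IsNullOrWhiteSpace(candidate))
        {
            if (string.IsNullOrWhiteSpace(authority))
                throw new InvalidOperationException("Neither Authority nor MetadataAddress is set.");
            candidate = authority.TrimEnd('/') + "/" + DiscoveryPath;
        }

        // "/.well-known/openid-configuration" has no scheme or host. The scheme test
        // also matters on Linux and macOS, where a leading "/" parses as an
        // absolute file:// URI and would otherwise pass the TryCreate check.
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out var uri) ||
            (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps))
            throw new InvalidOperationException($"Metadata address '{candidate}' is not an absolute http(s) URI.");

        if (requireHttps && uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException($"Metadata address '{uri}' must use HTTPS.");

        return uri;
    }

    public static void Main()
    {
        // Constructed sample values; the host is a placeholder.
        Console.WriteLine(Resolve("http://auth.example.test/", "", requireHttps: false));
        try
        {
            Resolve("http://auth.example.test/", "/.well-known/openid-configuration", requireHttps: false);
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```

Calling `Resolve` with the values read from configuration before `AddJwtBearer` surfaces a relative or non-HTTP(S) address in the startup log with the offending value attached.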
Top GitHub Comments
Ok, maybe the problem is that on the server we have dotnet 4.6.1 and the solution target is net47…
Sadly I have to wait until the beginning of next week until the infrastructure team has installed the new version on the test server… I'm not allowed to do that 😦
So then I close this issue and if I somehow find a fix I add the info here. Many thanks for your help and also thanks for the library!
Confirm the issue on .NET 6, Windows 10 (doesn't happen on macOS and Linux). It's occurred on the client side, so clearly the .NET Identity problem, not OpenIdDict. I suspect it's caused by a self-issued certificate. Also confirm that setting `options.MetadataAddress` and `options.RequireHttpsMetadata` (as discussed above) didn't make a difference.