TechQA.

How do you use Thinktecture IdentityServer 3 with Certificate setup

1.5k views Asked by At

I want to use Thinktecture IdentityServer 3 to provide STS to ASP.NET site but I don't know how to setup the certificates.

How do I use SelfHost (InMem with WS-Fed) Thinktecture Identity Server 3 as STS for a local IIS site?

The problem I have is as follows:

I've used this client in VS Development Server: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients/MvcOwinWsFederation

with the SelfHost (InMem with WS-Fed): IdentityServer3.Samples/tree/master/source/SelfHost%20(InMem%20with%20WS-Fed)

It all works, connects, authenticates and displays claims.

But when I publish the client to local IIS site called WSFedClient and that tries to authenticate against the same self-host STS, but I get this error:

"The remote certificate is invalid according to the validation procedure."

I've followed this: https://github.com/IdentityServer/IdentityServer3/issues/553

...but I'm still confused about what it is I need to do.

iis certificate thinktecture-ident-server identityserver3 thinktecture
Original Q&A
3

There are 3 answers

2
Pankaj Kapare On

Check following things regarding your certificate. Most probably point # 2 below causing this error.

  1. Check if CA's root certificate exists in Trusted Root Certification Authorities store.
  2. Check "Issued To" field of certificate matches with host name of identity server's endpoint url.
  3. Check expiry date of certificate.
  4. Check if certificate is not revoked by CA.
1
Lynn Crumbling On

Try installing your cert into the "Trusted Root Certificate Authorities" store.

1) Launch the mmc. At the start menu, enter MMC.exe and hit enter.

2) Press control-M to add a module. Select Certificates, and click Add.

3) Select Computer account, then Next, select Local Computer, and hit Finish. Then hit OK.

4) Expand Certificates. Right-click on "Trusted Root Certificate Authorities", and select "All tasks", then "Import..."

5) Browse out to the cert and select it. You probably will need to check the box to allow it to be exported, which means you'll probably have to enter the password, which you should know, if you created it.

1
rawel On

It looks like you must configure SSL endpoint for callback URI as well. That is WSFedClient in your sample.

Related Questions in IIS

Related Questions in CERTIFICATE

Related Questions in THINKTECTURE-IDENT-SERVER

Related Questions in IDENTITYSERVER3

Related Questions in THINKTECTURE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions