How to configure Duende IdentityServer 6 to use HTTPS (self-signed certificate) and Docker compose


I have the following scenario:

  • I have an Identity Provider (IdP) implemented by Duende IdentityServer 6 within a container.
  • I have a client app (client2) that needs to authenticate against the IdP using OIDC through HTTPS.

I'm using dev-certs https to create a self-signed certificate as a valid certificate. (see https://learn.microsoft.com/en-us/aspnet/core/security/docker-compose-https?view=aspnetcore-6.0 for more details)

I've created a docker compose file to run the application using this configuration (simplified version):

services:
  idp:
    build: ./Identity
    ports:
      - "5000:80"
      - "7000:443"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=7000
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Identity.pfx
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<the-identity-password>
      - SIGNCRED_PATH=/https/SignCred.pfx #required for Duende IdentityServer to sign tokens
      - SIGNCRED_PASS=<another-password>
    volumes:
      - my_data:/https
    networks:
      - my_net
  cli2:
    build: ./Client2
    ports:
      - "5002:80"
      - "7002:443"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=7002
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Client2.pfx
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<the-client2-password>
      - AUTHORITY=https://idp #I think this is the main problem
    volumes:
      - my_data:/https
    networks:
      - my_net
volumes:
  my_data:
    driver: local
    driver_opts:
      type: none
      device: C:\Users\<my-user>\.aspnet\https
      o: bind
networks:
  my_net:
    driver: bridge

When I try to log in from the client2 app I get the following error:

cli2  | fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
cli2  |       An unhandled exception has occurred while executing the request.
cli2  |       System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
cli2  |        ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
cli2  |        ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
cli2  |        ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

From my understanding, using the container name 'idp' doesn't work because the self-signed certificate I've created was for 'localhost', so I'm not able to use the container name. But I can't use 'localhost' either, because it will try to resolve the address inside the client container rather than the idp container's localhost.

Any help?

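The name mismatch described in the question is fixable on the certificate side rather than by relaxing TLS validation. The following is an added example, not code from the question or the answer: it mints a certificate whose subjectAltName lists both localhost (what the browser on the host sees) and idp (what cli2 reaches over my_net), exports it as Identity.pfx for Kestrel, and checks a hostname against the SAN the way a TLS client does. It assumes openssl is on PATH; the output directory and PFX password are placeholders.

```shell
#!/bin/sh
# Added example (not from the question or the answer): mint a self-signed
# certificate for the idp container whose SAN covers every name the IdP is
# reached by, then check a name against that SAN as a TLS client would.
# Assumes openssl on PATH; OUT_DIR and PFX_PASS are placeholders.
set -eu

OUT_DIR="${OUT_DIR:-./https-out}"
PFX_PASS="${PFX_PASS:-changeme-placeholder}"

# Writes Identity.pfx (for ASPNETCORE_Kestrel__Certificates__Default__Path)
# and Identity.crt (to be installed as trusted in the client image).
make_idp_cert() {
  mkdir -p "$OUT_DIR"
  cat > "$OUT_DIR/idp.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = idp
[ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# localhost for the browser on the host, idp for the back-channel inside my_net
subjectAltName = DNS:localhost, DNS:idp
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -config "$OUT_DIR/idp.cnf" \
    -keyout "$OUT_DIR/Identity.key" -out "$OUT_DIR/Identity.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$OUT_DIR/Identity.key" -in "$OUT_DIR/Identity.crt" \
    -out "$OUT_DIR/Identity.pfx" -passout "pass:$PFX_PASS"
}

# Returns 0 when NAME is a DNS entry of the certificate's SAN, 1 otherwise.
# A dev-certs certificate issued only for localhost fails this for "idp",
# which is the RemoteCertificateNameMismatch seen in the cli2 log.
san_covers() {
  name="$1"; cert="$2"
  openssl x509 -in "$cert" -noout -text \
    | grep -A1 'Subject Alternative Name' | tr ',' '\n' | sed 's/^ *//' \
    | grep -qx "DNS:$name"
}

# Trust step for the cli2 image (Debian-based aspnet images), run as root in the
# Dockerfile: copy Identity.crt to /usr/local/share/ca-certificates/idp.crt and
# run update-ca-certificates; this clears RemoteCertificateChainErrors.
```

The chain error is separate from the name mismatch and needs the trust step above inside the cli2 container, not on the Windows host. Because Duende infers the issuer from the request host, also set IdentityServerOptions.IssuerUri so tokens obtained via https://idp carry the same issuer the browser-facing https://localhost:7000 address uses.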

1 answer

umair zubairy

Try adding the following line to your Program.cs file and see if that works.

app.UseHttpsRedirection();