I have the following scenario:
- I have an Identity Provider (IdP) implemented by Duende IdentityServer 6 within a container.
- I have a client app (client2) that needs to authenticate against the IdP using OIDC through HTTPS.
I'm using dev-certs https to create a self-signed certificate that is treated as a valid certificate (see https://learn.microsoft.com/en-us/aspnet/core/security/docker-compose-https?view=aspnetcore-6.0 for more details).
I've created a docker compose file to run the application using this configuration (simplified version):
```yaml
services:
  idp:
    build: ./Identity
    ports:
      - "5000:80"
      - "7000:443"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=7000
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Identity.pfx
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<the-identity-password>
      - SIGNCRED_PATH=/https/SignCred.pfx # required for Duende IdentityServer to sign tokens
      - SIGNCRED_PASS=<another-password>
    volumes:
      - my_data:/https
    networks:
      - my_net
  cli2:
    build: ./Client2
    ports:
      - "5002:80"
      - "7002:443"
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=7002
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/Client2.pfx
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<the-client2-password>
      - AUTHORITY=https://idp # I think this is the main problem
    volumes:
      - my_data:/https
    networks:
      - my_net

volumes:
  my_data:
    driver: local
    driver_opts:
      type: none
      device: C:\Users\<my-user>\.aspnet\https
      o: bind

networks:
  my_net:
    driver: bridge
```
When I try to log in from the client2 app I get the following error:
```
cli2 | fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
cli2 | An unhandled exception has occurred while executing the request.
cli2 | System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
cli2 | ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
cli2 | ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
cli2 | ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
```
From my understanding, using the container name 'idp' doesn't work because the self-signed certificate I've created was issued for 'localhost', so I'm not able to use the container name. But I can't use 'localhost' either, because it will resolve to the address inside the cli2 container itself and not to the idp container.
Any help?
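The error above actually reports two independent failures: `RemoteCertificateNameMismatch` (the certificate served by `idp` does not list the hostname in `AUTHORITY`) and `RemoteCertificateChainErrors` (the cli2 container does not trust the issuer). Both have to be fixed for the OIDC discovery request to succeed. The following script, added here as an illustration and not part of the question or of the ASP.NET tooling, issues a throwaway development CA plus a leaf certificate whose subjectAltName covers both the Compose service name `idp` and `localhost`, then verifies that leaf the way a TLS client would (chain to a trusted CA, then hostname match). The hostnames, file names and `WORKDIR` location are assumptions; the only requirement is the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the question): build a dev CA and a leaf certificate
# whose SANs include the Docker service name "idp" and "localhost", then check
# chain trust and hostname match with openssl, which are the two checks behind
# RemoteCertificateChainErrors and RemoteCertificateNameMismatch.
# Assumes the openssl CLI; all names and paths are illustrative assumptions.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Create a throwaway dev CA (explicit CA:TRUE so verifiers accept it as an
# issuer) and a leaf certificate signed by it. The leaf's subjectAltName must
# list every name a client may use in AUTHORITY to reach the IdP.
make_dev_certs() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$WORKDIR/ca.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=dev-ca" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$WORKDIR/ca.csr" -signkey "$WORKDIR/ca.key" \
        -extfile "$WORKDIR/ca.ext" -out "$WORKDIR/ca.pem" 2>/dev/null

    printf 'subjectAltName=DNS:idp,DNS:localhost\nextendedKeyUsage=serverAuth\n' \
        > "$WORKDIR/idp.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=idp" \
        -keyout "$WORKDIR/idp.key" -out "$WORKDIR/idp.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$WORKDIR/idp.csr" \
        -CA "$WORKDIR/ca.pem" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
        -extfile "$WORKDIR/idp.ext" -out "$WORKDIR/idp.pem" 2>/dev/null
}

# Exit 0 when the leaf chains to the dev CA AND matches hostname $1, i.e. when
# a client that trusts ca.pem and connects to https://$1 would raise neither
# RemoteCertificateChainErrors nor RemoteCertificateNameMismatch.
check_hostname() {
    openssl verify -CAfile "$WORKDIR/ca.pem" -verify_hostname "$1" \
        "$WORKDIR/idp.pem" >/dev/null 2>&1
}

# Same leaf, but with no trusted CA at all: this reproduces the chain error
# even when the hostname is correct, which is the second half of the failure
# seen in the cli2 container.
check_untrusted() {
    openssl verify -no-CAfile -no-CApath -verify_hostname "$1" \
        "$WORKDIR/idp.pem" >/dev/null 2>&1
}

make_dev_certs
for name in idp localhost cli2; do
    if check_hostname "$name"; then
        echo "$name: trusted chain and hostname match"
    else
        echo "$name: rejected (not listed in subjectAltName)"
    fi
done
if check_untrusted idp; then
    echo "idp without CA: accepted"
else
    echo "idp without CA: rejected (chain error, CA not trusted)"
fi
```

Applied to the Compose setup in the question, the same two conditions hold: the certificate Kestrel serves from the `idp` service must carry the hostname used in `AUTHORITY` as a SAN (the ASP.NET development certificate is issued for `localhost` only, which is why `https://idp` fails the name check), and the issuing CA must be trusted inside the `cli2` container, for example by mounting `ca.pem` and adding it to that image's certificate store. Unconditionally disabling certificate validation in the client would silence both errors but also removes the protection the check provides, so it is not a substitute even in a development network.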
Try adding the following line to your Program.cs file and see if that works.

```csharp
app.UseHttpsRedirection();
```