Identity Server load balancing fails: it does not work when multiple instances of Identity Server are launched. With a single instance of Identity Server, it works as expected. Is it because my IdentityServer4 implementation does not persist refresh tokens?
Initially my Identity Server kept everything in in-memory stores. After the load-balancing failure, I tried implementing IPersistedGrantStore and adding AddOperationalStore. It creates the DB, but nothing gets stored there. Startup.cs is below; correct me if there is anything wrong.
/// <summary>
/// Registers MVC, a CORS policy, IdentityServer (options, signing credential and the
/// Npgsql-backed operational store), the application's own facades and stores, and
/// cookie authentication.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
// Bind the three settings sections. Only DatabaseSettings falls back to a default
// instance; applicationSettings is dereferenced below without a null check.
ApplicationSettings applicationSettings = Configuration
.GetSection("ApplicationSettings")
.Get<ApplicationSettings>();
DatabaseSettings dbSettings = Configuration
.GetSection("DatabaseSettings")
.Get<DatabaseSettings>() ?? new DatabaseSettings();
// loggingSettings is not referenced again in the visible code.
LoggingSettings loggingSettings = Configuration
.GetSection("LoggingSettings")
.Get<LoggingSettings>();
// Assembly name handed to the operational store as the EF migrations assembly.
var migrationsAssembly = this.GetType().Assembly.GetName().Name;
services.AddMvc();
// InitialiseDbContext is a project extension that is not shown here; presumably it
// registers PersistedGrantDbContext from dbSettings - confirm.
services.InitialiseDbContext<PersistedGrantDbContext>(dbSettings);
// Reads the same "ApplicationSettings" section a second time and binds it for the
// options system. appSettings is not referenced again in the visible code.
var appSettingsSection = Configuration.GetSection("ApplicationSettings");
var appSettings = appSettingsSection.Get<ApplicationSettings>();
services.Configure<ApplicationSettings>(appSettingsSection);
// NOTE(review): the lone "." below is not valid C#; it looks like code elided from the post.
.
// CORS policy that accepts any origin, header and method; Configure applies it to the
// whole pipeline.
// NOTE(review): on a token service, consider restricting this to the known client origins.
services.AddCors(options =>
{
options.AddPolicy("AllowAllOriginsHeadersAndMethods",
builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
});
// Each IdentityServer option is overridden only when the corresponding setting is non-empty.
// NOTE(review): behind a load balancer every instance should be given the same
// PublicOrigin/IssuerUri so that all of them issue and accept the same issuer value.
var identityServerBuilder = services
.AddIdentityServer(iso =>
{
if (String.IsNullOrEmpty(applicationSettings.PublicOriginUri) == false)
iso.PublicOrigin = applicationSettings.PublicOriginUri;
if (String.IsNullOrEmpty(applicationSettings.IssuerUri) == false)
iso.IssuerUri = applicationSettings.IssuerUri;
if (String.IsNullOrEmpty(applicationSettings.LoginUrl) == false)
iso.UserInteraction.LoginUrl = applicationSettings.LoginUrl;
});
// Development uses the developer signing credential; every other environment loads a
// certificate through the project's CertificateManager (not shown).
// NOTE(review): the developer credential is a temporary key created by the instance
// itself, so instances that do not share the same key material will not validate each
// other's tokens - confirm which branch the load-balanced instances run.
// NOTE(review): the certificate password is read from ApplicationSettings; make sure that
// value comes from a secret store and not from a file kept in source control.
if (CurrentEnvironment.IsDevelopment())
{
identityServerBuilder.AddDeveloperSigningCredential();
}
else
{
identityServerBuilder.AddSigningCredential(new CertificateManager().GetCertificate(applicationSettings.CertificateKey, applicationSettings.CertificatePrivateKey,
applicationSettings.CertificatePassword, string.Empty, string.Empty, applicationSettings.AWSEndPointRegion));
}
// this adds the operational data from DB (codes, tokens, consents)
identityServerBuilder.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseNpgsql(dbSettings.ConnectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
// this enables automatic token cleanup. this is optional.
// NOTE(review): every instance runs this cleanup against the same database; raise the
// interval outside of testing.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 10; // interval in seconds, short for testing
});
services.AddSingleton<IUserFacade, UserFacade>();
services.AddTransient<IProfileService, ProfileService>();
// Setup dependency injection (TODO: Replace the 'InMemoryXxxxx' services with real ones):
services.AddScoped<IConfigurationFacade, InMemoryConfigurationFacade>();
services.AddSingleton<IClientStore, JsonFileClientStore>();
services.AddSingleton<IResourceStore, ResourcesStore>();
services.AddScoped<IHttpContextFacade, HttpContextFacade>();
services.AddScoped<IUserContextFacade, UserContextFacade>();
services.AddSingleton<IRestHelper, RestHelper>();
// NOTE(review): this registration comes after AddOperationalStore, and the last
// registration for a service type is the one that gets resolved. If PersistedGrantStore
// here is a project class rather than the Entity Framework store, grants never reach the
// database and stay local to each instance - confirm which type this name binds to.
services.AddTransient<IPersistedGrantStore, PersistedGrantStore>();
services.AddHttpClient();
// Builds a second, throwaway container just to read the cookie lifetime. Singletons
// resolved from it are separate from the ones the host creates later, and the provider
// is never disposed.
ServiceProvider serviceProvider = services.BuildServiceProvider();
IConfigurationFacade config = serviceProvider.GetService<IConfigurationFacade>();
// Cookie authentication under the IdentityServerCookieName scheme, which is also the
// default scheme.
// NOTE(review): nothing in this method configures ASP.NET Core Data Protection key storage
// (AddDataProtection). Unless the key ring is shared elsewhere, a cookie protected by one
// instance cannot be unprotected by another, which is a common cause of login failures
// behind a load balancer - confirm.
services
.AddAuthentication(IdentityServerCookieName)
.AddCookie(IdentityServerCookieName, options =>
{
options.ExpireTimeSpan = config.UserCookieInactiveLife();
});
}
/// <summary>
/// Applies pending Entity Framework migrations for the operational (persisted grant)
/// database inside a dedicated service scope.
/// </summary>
/// <param name="app">Application builder whose root service provider supplies the scope factory.</param>
/// <remarks>
/// Configure calls this on every start-up, so each instance in a load-balanced deployment
/// attempts the migration against the same database. NOTE(review): consider running
/// migrations as a separate deployment step instead.
/// </remarks>
private void InitializeDatabase(IApplicationBuilder app)
{
    var scopeFactory = app.ApplicationServices.GetService<IServiceScopeFactory>();

    using (var scope = scopeFactory.CreateScope())
    {
        var grantContext = scope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>();
        grantContext.Database.Migrate();

        // TODO: uncomment the lines below when identityServerBuilder.AddConfigurationStore is enabled.
        //var context = scope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
        //context.Database.Migrate();
    }
}
/// <summary>
/// Builds the HTTP request pipeline: developer exception page (development only),
/// database migration, CORS, forwarded headers, IdentityServer, static files and MVC.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to detect development mode.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    bool isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        app.UseDeveloperExceptionPage();
    }

    // Runs the operational-store migration before any middleware is registered.
    InitializeDatabase(app);

    app.UseCors("AllowAllOriginsHeadersAndMethods");

    // Only X-Forwarded-For and X-Forwarded-Proto are processed.
    // NOTE(review): KnownProxies/KnownNetworks are not set here, and by default only
    // loopback proxies are trusted, so headers from a load balancer on another host are
    // ignored unless it is listed. List the balancer explicitly rather than clearing the
    // lists, because any client can send X-Forwarded-* headers.
    // NOTE(review): this middleware is normally registered before the others so that they
    // all see the original scheme and client address; the order is left unchanged here.
    var forwardedHeadersOptions = new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    };
    app.UseForwardedHeaders(forwardedHeadersOptions);

    app.UseIdentityServer();
    app.UseStaticFiles();
    app.UseMvcWithDefaultRoute();
}
The Identity Server load-balancing failure needs to be resolved.