Identity Server 404 after login (stuck on signin-oidc)
It looks like you forgot to add a call to `UseAuthentication()` in your `Startup.Configure` method. This middleware is what enables callbacks to e.g. /signin-oidc to be handled by your client application:

```csharp
app.UseRouting();

app.UseAuthentication(); // <-- Add it here.
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints
        .MapDefaultControllerRoute()
        .RequireAuthorization();
});
```

It's mentioned in the guide you referenced:

And then to ensure the authentication services execute on each request, add `UseAuthentication` to `Configure` in `Startup`:
Ruhrpottpatriot
Updated on June 20, 2022
Comments
-
Ruhrpottpatriot almost 2 years
I followed the Identity Server 4 documentation to set up an example server on my local machine. My problem is that after I log in, the application gets stuck on the "signin-oidc" page and the logs indicate a 404. I followed the instructions to a T, even deleting everything and starting fresh. Therefore the current setup is a barebones IdSvr4 project (is4inmem) and a fresh ASPNetCore MVC application as per the documentation at http://docs.identityserver.io/en/latest/quickstarts/2_interactive_aspnetcore.html

The only change I made was to change all URLs to HTTPS and use the appsettings.json file instead of the `Config` class. Since I didn't change anything substantial, I'm at my wits' end.

The log for my MVC looks like this
```
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/2 GET https://localhost:44377/Home/Claims
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
      AuthenticationScheme: oidc was challenged.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 559.8895ms 200 text/html;charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/2 POST https://localhost:44377/signin-oidc application/x-www-form-urlencoded 547
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 3.2205ms 404
```
While the log of the main IdSvr4 project looks like this
[00:26:01 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Start authorize request protocol validation [00:26:01 Debug] IdentityServer4.Stores.ValidatingClientStore client configuration validation for client mvc succeeded. [00:26:01 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Checking for PKCE parameters [00:26:01 Debug] IdentityServer4.Validation.AuthorizeRequestValidator Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator [00:26:01 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint ValidatedAuthorizeRequest {"ClientId": "mvc", "ClientName": "MVC Client", "RedirectUri": "https://localhost:44377/signin-oidc", "AllowedRedirectUris": ["https://localhost:44377/signin-oidc"], "SubjectId": "88421113", "ResponseType": "code", "ResponseMode": "form_post", "GrantType": "authorization_code", "RequestedScopes": "openid profile", "State": "CfDJ8Pdtr1YS18ZOp7dIVYqa05dMp_XQH4T-n8WcLhu5aBGOHMMP_JTWt2I4pM0JjtxMBddtz5WSWy-rkrZTqXLwr-BllETJJds86UiTcvUvxfQ7cCvVoM5I-gofWE-LrKJlrdDnhC4ofF4MGMfNAdYvVmT7J9fCEWJzuAspiyK8KBXGWiCZhw77isVR1q3hu7s3cKCvcuNKMi2jww_tjdOi8IYdZ8vTTlmA6tL8NpWDZaY1J6mj1WUzess9FQ2Bc2maeSYy4NBKCfPIITLq4aiHmCVb97itGJsIbImHQm2cTo43B_m7rYIPq-RHtGAgXU6l81mIMwmxjhJhsfhH28KExQitCgPNewh9ltpLgumr4Zm49TuUMubYy6L6sYM7jzeekA", "UiLocales": null, "Nonce": "637086795594073564.YWI5YWMzMTgtZjU0Ni00YjI5LTg1ZTMtOGViN2JjYjgwY2YxYzAxZTY2YzQtMjg2Yy00YjkyLWE0ZGYtODYzNDA1NWIwYWY5", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": "k6AJ_-EdagzerxIIl6oQmA", "Raw": {"client_id": "mvc", "redirect_uri": "https://localhost:44377/signin-oidc", "response_type": "code", "scope": "openid profile", "code_challenge": "sHPH6r59Ij8Iap6esr_3opZrue72ZdOVxBg-20IQMs4", "code_challenge_method": "S256", "response_mode": "form_post", "nonce": 
"637086795594073564.YWI5YWMzMTgtZjU0Ni00YjI5LTg1ZTMtOGViN2JjYjgwY2YxYzAxZTY2YzQtMjg2Yy00YjkyLWE0ZGYtODYzNDA1NWIwYWY5", "state": "CfDJ8Pdtr1YS18ZOp7dIVYqa05dMp_XQH4T-n8WcLhu5aBGOHMMP_JTWt2I4pM0JjtxMBddtz5WSWy-rkrZTqXLwr-BllETJJds86UiTcvUvxfQ7cCvVoM5I-gofWE-LrKJlrdDnhC4ofF4MGMfNAdYvVmT7J9fCEWJzuAspiyK8KBXGWiCZhw77isVR1q3hu7s3cKCvcuNKMi2jww_tjdOi8IYdZ8vTTlmA6tL8NpWDZaY1J6mj1WUzess9FQ2Bc2maeSYy4NBKCfPIITLq4aiHmCVb97itGJsIbImHQm2cTo43B_m7rYIPq-RHtGAgXU6l81mIMwmxjhJhsfhH28KExQitCgPNewh9ltpLgumr4Zm49TuUMubYy6L6sYM7jzeekA"}, "$type": "AuthorizeRequestValidationLog"} [00:26:01 Debug] IdentityServer4.Test.TestUserProfileService IsActive called from: AuthorizeEndpoint [00:26:01 Debug] IdentityServer4.Stores.DefaultUserConsentStore user_consent grant with value: mvc|88421113 not found in store. [00:26:01 Debug] IdentityServer4.Services.DefaultConsentService Found no prior consent from consent store, consent is required [00:26:01 Information] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator User consented to scopes: ["openid", "profile"] [00:26:01 Debug] IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator User indicated to remember consent for scopes: ["openid", "profile"] [00:26:01 Debug] IdentityServer4.Services.DefaultConsentService Client allows remembering consent, and consent given. Updating consent store for subject: 88421113 [00:26:01 Debug] IdentityServer4.ResponseHandling.AuthorizeResponseGenerator Creating Authorization Code Flow response. 
[00:26:01 Information] IdentityServer4.Events.DefaultEventService {"ClientId": "mvc", "ClientName": "MVC Client", "RedirectUri": "https://localhost:44377/signin-oidc", "Endpoint": "Authorize", "SubjectId": "88421113", "Scopes": "openid profile", "GrantType": "authorization_code", "Tokens": [{"TokenType": "code", "TokenValue": "****MUrA", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HLR322N3G5DT:00000017", "TimeStamp": "2019-11-06T23:26:01.0000000Z", "ProcessId": 3312, "LocalIpAddress": "::1:44374", "RemoteIpAddress": "::1", "$type": "TokenIssuedSuccessEvent"} [00:26:01 Debug] IdentityServer4.Endpoints.AuthorizeCallbackEndpoint Authorize endpoint response {"SubjectId": "88421113", "ClientId": "mvc", "RedirectUri": "https://localhost:44377/signin-oidc", "State": "CfDJ8Pdtr1YS18ZOp7dIVYqa05dMp_XQH4T-n8WcLhu5aBGOHMMP_JTWt2I4pM0JjtxMBddtz5WSWy-rkrZTqXLwr-BllETJJds86UiTcvUvxfQ7cCvVoM5I-gofWE-LrKJlrdDnhC4ofF4MGMfNAdYvVmT7J9fCEWJzuAspiyK8KBXGWiCZhw77isVR1q3hu7s3cKCvcuNKMi2jww_tjdOi8IYdZ8vTTlmA6tL8NpWDZaY1J6mj1WUzess9FQ2Bc2maeSYy4NBKCfPIITLq4aiHmCVb97itGJsIbImHQm2cTo43B_m7rYIPq-RHtGAgXU6l81mIMwmxjhJhsfhH28KExQitCgPNewh9ltpLgumr4Zm49TuUMubYy6L6sYM7jzeekA", "Scope": "openid profile", "Error": null, "ErrorDescription": null, "$type": "AuthorizeResponseLog"}
Configuration for the client is this
```json
{
  "ClientId": "mvc",
  "ClientName": "MVC Client",
  // 49C1A7E1-0C79-4A89-A3D6-A37998FB86B0
  "ClientSecrets": [ { "Value": "o90IbCACXKUkunXoa18cODcLKnQTbjOo5ihEw9j58+8=" } ],
  "AllowedGrantTypes": [ "client_credentials", "authorization_code" ],
  "RequirePkce": true,
  "AllowedScopes": [ "openid", "profile", "api1" ],
  "AllowOfflineAccess": true,
  "RedirectUris": [ "https://localhost:44377/signin-oidc" ],
  "FrontChannelLogoutUris": [ "https://localhost:44377/signout-oidc" ],
  "PostLogoutRedirectUris": [ "https://localhost:44377/signout-callback-oidc" ]
},
```
and the client startup looks like this
```csharp
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

    services.AddAuthentication(opt =>
        {
            opt.DefaultScheme = "Cookies";
            opt.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", opt =>
        {
            opt.Authority = "https://localhost:44374";
            opt.RequireHttpsMetadata = true;
            opt.ClientId = Configuration["OIDC:ClientId"];
            opt.ClientSecret = Configuration["OIDC:Secret"];
            opt.ResponseType = "code";
            opt.SaveTokens = true;
            opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
        });
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();

    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints
            .MapDefaultControllerRoute()
            .RequireAuthorization();
    });
}
```
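The symptom in the MVC log above (the oidc scheme is challenged, then the POST to /signin-oidc finishes with 404) can be checked for mechanically. The Python script below is an added example, not code from the original post; the function name, the sample logs and the in-order pairing of start and finish messages are assumptions.

```python
import re
from urllib.parse import urlsplit

# Callback paths taken from the client configuration shown on this page.
OIDC_CALLBACK_PATHS = {"/signin-oidc", "/signout-oidc", "/signout-callback-oidc"}

# The two Hosting.Diagnostics messages in the format of the question's log;
# searching by regex works whether or not the log is flattened onto one line.
EVENT = re.compile(
    r"Request starting \S+ (?P<method>[A-Z]+) (?P<url>\S+)"
    r"|Request finished in [\d.]+ms (?P<status>\d{3})"
)
CHALLENGE = re.compile(r"AuthenticationScheme: (\S+) was challenged")


def find_unhandled_callbacks(log_text, callback_paths=OIDC_CALLBACK_PATHS):
    """Return OIDC callback requests that ended in 404 (nothing handled them).

    Assumption: requests are logged sequentially (single-user repro), so each
    'finished' message belongs to the oldest unfinished 'starting' message.
    """
    challenged = CHALLENGE.findall(log_text)
    findings, pending = [], []
    for m in EVENT.finditer(log_text):
        if m.group("url"):
            pending.append((m.group("method"), urlsplit(m.group("url")).path))
        elif pending:
            method, path = pending.pop(0)
            if path.lower() in callback_paths and m.group("status") == "404":
                # Challenge issued but callback 404s: the scheme is registered,
                # yet no middleware in the pipeline handles the callback path.
                findings.append({"method": method, "path": path,
                                 "schemes_challenged": challenged})
    return findings

# Constructed sample: the failing request sequence reported in the question.
BROKEN_LOG = """\
info: Microsoft.AspNetCore.Hosting.Diagnostics[1] Request starting HTTP/2 GET https://localhost:44377/Home/Claims
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12] AuthenticationScheme: oidc was challenged.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2] Request finished in 559.8895ms 200 text/html;charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Diagnostics[1] Request starting HTTP/2 POST https://localhost:44377/signin-oidc application/x-www-form-urlencoded 547
info: Microsoft.AspNetCore.Hosting.Diagnostics[2] Request finished in 3.2205ms 404
"""
# Constructed sample: the same flow with the callback handled (302 is assumed).
HEALTHY_LOG = BROKEN_LOG.replace("3.2205ms 404", "41.7ms 302")

if __name__ == "__main__":
    print("broken: ", find_unhandled_callbacks(BROKEN_LOG))
    print("healthy:", find_unhandled_callbacks(HEALTHY_LOG))
```

A non-empty result with a challenged scheme points at the pipeline (a missing or misplaced `UseAuthentication()` call) rather than at the identity provider or the registered redirect URI.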
-
Enrico over 2 years
Question is opt.SaveTokens = true; required?
-
JvR almost 4 years
This works 100% thanks! So the `UseAuthentication()` registers that route by default? This doesn't look like it has anything to do with IdentityServer specifically..? Is it part of OIDC standards/specifications? Is it configurable?
-
Kirk Larkin almost 4 years
@JvR Yeah, that's right. `UseAuthentication` registers a handler for the route, which isn't specific to IdentityServer; it's more about the OIDC protocol. You can change the route itself using `CallbackPath`. e.g. `.AddOpenIdConnect(o => o.CallbackPath = "/some-path")`.
-
Stack Undefined almost 3 years
Thank you! Don't know how I ended up removing the UseAuthentication() but my startup.cs had just the UseAuthorization(). I know earlier I had both middleware. I've been pulling my hair for hours because expected events weren't firing. It's so much easier to overlook trivial stuff even if you go over the entire configure() method many times.