IDX10803: Unable to create to obtain configuration
Solution 1
Another developer on the team helped find the issue. The Windows Authentication host running at port 44305 had anonymous disabled. When this was enabled, the redirected process began to work again.
Regrettably, we didn't actually detect the error, but, through trial & error (hacking) it was fixed. My main question was how do I debug an OWIN app so I could actually see the HTTP 500's details. I wish the IdentityServer3 logs could have recorded the response from the Win Auth host. Also why isn't that a 401 response code?
Solution 2
I had the same problem - it seems that the SSL cert was untrusted. To resolve this I moved the "localhost" IIS Express Cert from the Personal CertStore to the Trusted Root Certification Authorities and the issue was gone.
Solution 3
I had this problem, and needed to trust the certificate as per Robert Muehsig answer.
But this on its own wasn't enough. I'm using Bearer Token Authentication. A bit of further digging revealed that I needed to set the DelayLoadMetadata flag to true.
So in my Web API startup:
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
DelayLoadMetadata=true
});
After this and the certificate trust change it started working. I know this isn't the same config as the original problem, but during my searching I kept coming across this post so thought I'd put this here for anyone else who stumbles across it...
Solution 4
From my memory, this error is thrown mostly due to the certificate trust / network access issue. Since you are running all the components in local host, it is definitely not a network issue. I assume you are running from VS Dev environment.
Couple of things:
- Try hosting the components in the IIS server
- Instead of using localhost, create a self-signed certificate for your host and try assigning your hostname as the subject name (Please note - idsrv3test certificate for signing and self-signed certificate for host SSL)
Also, Assign permissions to read the certificate as described here https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates
If you still face this issue, try monitoring the traffic via Wireshark (Fiddler won't work in this case )
Solution 5
For testing purposes, I added the below block as the first piece of middleware in my pipeline. This will actually log the exception whenever one occurs. This lead me to see that my 500 actually was a 401.
appBuilder.Use(async (context, next) =>
{
try
{
await next();
}
catch(Exception ex)
{
Log.Error(ex, "OWIN error.");
}
});
MADCookie
There is nothing wrong with being lazy when it shows its self as efficiently using your time and tools to produce a product acceptable to yourself and your team.
Updated on July 27, 2022Comments
-
MADCookie over 1 year
My configuration has 3 sites: Identity Server (Idp), Windows Authentication host and my end-user client site. On the client site, I request a controller decorated with
[Authorize]
and Identity Server kicks in.The windows host at port 44305 is apparently throwing an exception and the identity server is receiving a status 500. I can access the windows host site URL without any problem. I get back an XML document
How do I debug and find out what that exception or error is that is stopping this authentication process? I get a 3 part exception with the inner most as the following
InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44305/'. Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext() in ConfigurationManager.cs
The Windows Host OWIN startup is using UseWindowsAuthenticationService
The Identity Server OWIN is using AuthenticationOptions = WsFederationAuthenticationOptions
var wsFederationOptions = new WsFederationAuthenticationOptions { AuthenticationType = "windows", Caption = "Windows", SignInAsAuthenticationType = signInAsType, MetadataAddress = "https://localhost:44305/", Wtrealm = "urn:idsrv3" }; app.UseWsFederationAuthentication(wsFederationOptions); }
Here are the requests and responses
Request URL:https://localhost:44315/ Request Method:GET Status Code:302 Found Response:Location:https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=... Request: https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=... Request Method:GET Status Code:302 Found Location:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b Request URL:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b Request Method:GET Status Code:500 Internal Server Error
I have no visible SSL issues. With my browser, I can open all the pages from the different sites without any warning. I add my localhost IIS Express cert to the Trusted Root Cert.