docker - IdentityServer4:无法从“{servicename}.well-known/openid-configuration”获取配置。码头工人问题
问题描述
我有一个identityserver4
容器 ( identitymanagement:5003/localhost:5003
) 和一个 mvc 应用程序 ( website.com:5000/localhost:5000
)。
一旦两者都在docker中运行并且我尝试去localhost:5000/home/login
(被重定向到identityserver
)我得到错误
无法从以下位置获取配置:“ https://identitymanagement:5003/.well-known/openid-configuration ”。
这是我所有不同的代码部分
MVC:登录调用
public IActionResult Login()
{
return Challenge(new AuthenticationProperties
{
RedirectUri = "/Manage"
});
}
MVC:启动.cs
public static IServiceCollection AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration)
{
var callBackUrl = configuration.GetValue<string>("logoutCallbackUrl");
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(x=>x.ExpireTimeSpan = TimeSpan.FromHours(2))
.AddOpenIdConnect(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = "https://identitymanagement:5003";
options.SignedOutRedirectUri = callBackUrl.ToString();
options.ClientId = "website";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.RequireHttpsMetadata = false;
options.Scope.Add("openid");
options.Scope.Add("profile");
});
return services;
}
}
身份服务器启动.cs
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
}
app.UseStaticFiles();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
}
}
身份服务器:Config.cs
public class Config
{
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("resourceApi", "API Application")
};
}
// scopes define the resources in your system
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
// OpenID Connect implicit flow client (MVC)
new Client
{
ClientId = "website",
ClientName = "Public Website",
AllowedGrantTypes = GrantTypes.Hybrid,
RequireConsent = false,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "https://kryptoevents.com:5000/signin-oidc" },
PostLogoutRedirectUris = { "https://kryptoevents.com:5000/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
}
}
};
}
}
docker-compose.override.yml
identitymanagement:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44378
ports:
- "60807:80"
- "5003:443"
website.com:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44395
ports:
- "56530:80"
- "5000:443"
注意
如果我不在 docker 中运行服务,而只是在 IIS 上运行它们,而不是options.Authority = "https://identitymanagement:5003"
; 将其更改为"https://localhost:5003"
then 一切都按预期工作。
docker内部似乎存在问题并且无法解决identitymanagment
我也尝试使用容器的 IP 地址而不是,identitymanagement
我得到了同样的错误。
在 docker 中运行时,在证书方面我需要做任何特别的事情吗?
解决方案
也许在你的 docker.Yml 尝试改变
identitymanagement:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80;https://+:5003
- ASPNETCORE_HTTPS_PORT=5003
ports:
- "60807:80"
- "5003:5003"
website.com:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80;https://+:5000
- ASPNETCORE_HTTPS_PORT=5000
ports:
- "56530:80"
- "5000:5000"
因为在您的 Identityserver Config.cs 和 MVC: Startup.cs 中,您设置了这些特定端口
推荐阅读
- javascript - 如何在angularjs中转换为多维数组
- shader - 你如何在搅拌机循环节点着色器中添加时间关系?
- android - 安全性 - 移动设备(Android 和 iOS)是否阻止/丢弃 ICMP ECHO 请求?
- r - 每个基因的Fisher精确检验
- lucene - Kibana 中的 Lucene 查询语法
- angular - 每次订阅 Angular 中的 observable 时,我们如何获取旧数据?
- angular - angular ng build --prod 不保留类的名称(MyClass.constructor.name)
- spring-boot - 如何在 webflux 中调试?
- javascript - 遍历表并将值存储为键/值对
- c# - 在不使用 (Table-Valued-Parameter) 类型的情况下将集合作为 SQL 参数添加到 SqlCommand