I am trying to configure IdentityServer 4 to work in Docker. The identity server container itself is running, but I can't connect to it from the clients.
My application consists of:
My docker compose looks like:

```yaml
services:
  client:
    image: ${DOCKER_REGISTRY-}client
    ports:
      - '6001:80'
    build:
      context: .
      dockerfile: UI/client.UI/Dockerfile
    depends_on:
      - db
  identityserver:
    image: ${DOCKER_REGISTRY-}identityserver
    ports:
      - '5001:443'
    build:
      context: .
      dockerfile: Security/IdentityServer/Dockerfile
    depends_on:
      - db
  apiservice:
    image: ${DOCKER_REGISTRY-}apiservice
    build:
      context: .
      dockerfile: API/Services/api.Service/Dockerfile
    depends_on:
      - db
  db:
    image: "mcr.microsoft.com/mssql/server:2019-latest"
    environment:
      SA_PASSWORD: "PaSSw0rd"
      ACCEPT_EULA: "Y"
      MSSQL_PID: Express
    ports:
      - "1433:1433"
    volumes:
      - mssql-volume:/var/opt/mssql
networks:
  default:
    driver: bridge
volumes:
  mssql-volume:
```
My IdentityServer Startup class:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // ....
    var builder = services.AddIdentityServer(options =>
        {
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseSuccessEvents = true;
            options.UserInteraction.LoginUrl = "/Account/Login";
            options.UserInteraction.LogoutUrl = "/Account/Logout";
            options.Authentication = new AuthenticationOptions()
            {
                CookieLifetime = TimeSpan.FromHours(10), // ID server cookie timeout set to 10 hours
                CookieSlidingExpiration = true
            };
            options.IssuerUri = "https://172.20.16.1:5001";
        })
        .AddConfigurationStore(options => // this adds the config data from DB (clients, resources)
        {
            // ...
        })
        .AddOperationalStore(options => // this adds the operational data from DB (codes, tokens, consents)
        {
            // ...
        })
        .AddDeveloperSigningCredential()
        .AddAspNetIdentity<ApplicationUser>();
}
```
My client Startup class:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "cookie";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("cookie")
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://172.20.16.1:5001";
            options.RequireHttpsMetadata = false;
            options.ClientId = "ClientMVC";
            options.ClientSecret = "SuperSecretPassword";
            options.SaveTokens = true;
            options.ResponseType = "code";
            options.UsePkce = true;
            options.ResponseMode = "query";
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Clear();
            options.Scope.Add("openid");
            // .. some scopes
        });
}
```
I get the following error:

```
AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)

HttpRequestException: The SSL connection could not be established, see inner exception.
System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(bool async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)

IOException: IDX20804: Unable to retrieve document from: 'System.String'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)
```
I tried to add a certificate using the following commands:

```
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\IdentityServer.pfx -p passw0rd!
dotnet dev-certs https --trust
```

but this adds the certificate to localhost, which is not valid in this case.

Any help on this?
Thanks to @Tore for his helpful hint in his answer. I followed the following steps to make the identity server work in Docker:

1. identityserver: to make it work in IIS without SSL.
2. Docker container and docker compose: by removing any SSL related configuration.
3. docker compose: and everything is working perfectly (SSL certificate).
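The accepted fix drops TLS between the containers. As an added example that is not from the question or the answer, the compose fragment below keeps TLS and addresses the two validation failures in the error: `RemoteCertificateNameMismatch` (the dev cert is issued for `localhost`, the client calls `172.20.16.1`) and `RemoteCertificateChainErrors` (the client container does not trust the issuing CA). It assumes a server certificate issued with `SAN DNS:identityserver` and its CA exported under `./certs/` (hypothetical paths), that the client reads its authority from the configuration key `IdentityServer:Authority` instead of the hardcoded string, that the client image is Debian-based and runs as root so `update-ca-certificates` works, and a hypothetical entry-point dll name.

```yaml
# Added example: TLS-preserving compose fragment for the identityserver/client pair.
# Assumes ./certs/identityserver.pfx (SAN DNS:identityserver) and ./certs/ca.crt exist.
services:
  identityserver:
    image: ${DOCKER_REGISTRY-}identityserver
    build:
      context: .
      dockerfile: Security/IdentityServer/Dockerfile
    environment:
      ASPNETCORE_URLS: "https://+:443"
      # Kestrel loads its server certificate from these well-known configuration keys
      ASPNETCORE_Kestrel__Certificates__Default__Path: /https/identityserver.pfx
      ASPNETCORE_Kestrel__Certificates__Default__Password: "${IDSRV_CERT_PASSWORD}"
    volumes:
      - ./certs/identityserver.pfx:/https/identityserver.pfx:ro
    ports:
      # publish 443 unchanged so the browser and the containers use the same URL,
      # which keeps the issuer in the discovery document consistent
      - "443:443"
    depends_on:
      - db
  client:
    image: ${DOCKER_REGISTRY-}client
    build:
      context: .
      dockerfile: UI/client.UI/Dockerfile
    environment:
      # back-channel calls go to the compose service name on the internal network,
      # not to the host IP, so the name matches the certificate's SAN
      IdentityServer__Authority: "https://identityserver"
    volumes:
      # the CA that signed identityserver.pfx, installed into the container trust store
      - ./certs/ca.crt:/usr/local/share/ca-certificates/idsrv-ca.crt:ro
    # hypothetical entry point; update-ca-certificates must run before the app starts
    command: sh -c "update-ca-certificates && dotnet client.UI.dll"
    ports:
      - "6001:80"
    depends_on:
      - identityserver
```

The browser on the host must also resolve `identityserver` (for example a hosts entry pointing at 127.0.0.1) and trust `ca.crt`, since it is redirected to the same authority URL for login. With the CA trusted in the client container, `RequireHttpsMetadata` can stay at its default of `true`.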