Are there C# integration examples anywhere?

This topic has 8 replies, 3 voices, and was last updated 2 months, 1 week ago by KMORGAN.


    Hi Everyone, are there any examples that use C# (ideally OWIN) to authenticate? I am trying to set up SSO integration between ForgeRock and my application. I have downloaded and configured AM-eval-6.5.1, which appeared to be working as I am able to log in, configure and create an application. I created a new Realm with a single application. I have set the ClientName and Secret to be the same; the scope(s) and default scope(s) are set to openid.

    The problem I am encountering is invalid_client Client authentication failed on redirection to ForgeRock.

    I have seen this link changing Token Endpoint Authentication Method to client_secret_post but this made no difference.

    I can see a 400 error in fiddler.

    Clearly I have missed something but I am at a loss as to what. Any suggestion would be gratefully received.


    This is the message being sent:

    GET http://<machinednsname fqdn>:9090/AM-eval-6.5.1/oauth2/authorize?client_id=OpenIdcTest&response_type=id_token&scope=openid&state=OpenIdConnect.AuthenticationProperties%3Dio3AMu9_U6PHKqNcGcIl1D717ut6bliZSrlrRL-5ivCwomLCu-OclPyaIBd4aun0hP-g2-hUyBAhMYqAaj6-hYeaEg3ofUAVqnW9lVDhoexKDaM1RgSAKtFGz_xrk1ow0l55q0N4zmK1UcaD6cxXh2U7PRoyjksUOVTW6GakZvk&response_mode=form_post&nonce=637356495226468586.NDZmYjBkMjItMzk2NC00ZTg5LWE3NDAtMDMzNTdkMmI5ZmIzNDA0MmYzYWItMTMxMS00MjZiLWFjZWEtMmUxMjQxMzI4ZDNm&redirect_uri=http%3A%2F%2Flocalhost%2F
    Host: <machine name not fqdn>:9090
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-NZ,en;q=0.9

    Response is invalid_client Client authentication failed

    Sorry, I can’t paste the whole message here as it’s blocked by the forum.

    description: “Client authentication failed”,
    message: “invalid_client”


    I am assuming that it can’t access the Realm, as if I create the application on the Top Level Realm I get a different error (server_error server_error (400) – The authorization server encountered an unexpected condition which prevented it from fulfilling the request.)

     Andrew Potter

    I see you say you created a realm. From your API call it looks like you are not specifying the realm in the URL.
    See the note on composing the URL with a realm name here: (It’s the same for v6.5)
    i.e. you’ll need something like ‘oauth2/realms/root/realms/<your-realm>/authorize’

     Jatinder Singh

    In addition to what Andrew has already mentioned: to determine what OAuth2 endpoints (e.g. /authorize, /access_token, /introspect) are being published by the Authorization server, you can query the endpoint below:

    http://<machinednsname fqdn>:9090/AM-eval-6.5.1/oauth2/realms/root/realms/YOUR_REALM/.well-known/openid-configuration


    Excellent, thanks for the tip on the URL needing to contain the realm. That has moved me along but now I am getting another error and am no longer seeing the ForgeRock landing.

    Fiddler is showing the redirection once ForgeRock is contacted. From the URL it appears that there is a setting issue.

    The error on the URL is ‘unsupported_response type’.

    This is the request that was sent.
    GET http://ap-chc-lt179:9090/AM-eval-6.5.1/oauth2/realms/root/realms/OpenIdcTest/authorize?client_id=OpenIdcTest&response_type=token&scope=openid&state=OpenIdConnect.AuthenticationProperties%3D9ohXPw50SIqiU8G5MESHYFOwVhkUfX498bNIKOKHrWjBxDTpnh9cJbN3a2V_yfT7Lmt7t6Oadl03GHIEty5nCDbBghTSpMampv940L7KiSDAgyisNocBFhgqysl__PGyXPoSPVOeqaMheL7MuHF9tfBER0HDUPve8ZQOsDhx3mo&response_mode=form_post&nonce=637357231049035335.ZWE4NmM2YzAtMTI3Mi00NTBlLWE0MGEtZjdhZTVhNGFmZGVjZGNiOTE2NGQtNTg1Zi00OTgxLTljYjctZjRlYThjODdkMDBj&redirect_uri=http%3A%2F%2Flocalhost%2FAxWebOrigination%2FOpenIdConnectCallback&x-client-SKU=ID_NET461&x-client-ver= HTTP/1.1

    In my client configuration I have the following:
    Grant Types, All selected
    Response Types I have ‘code’, ‘id_token’, ‘token’, ‘code token’, ‘token id_token’, ‘code id_token’, ‘code token id_token’, ‘none’.
    Token Endpoint Authentication Method, client_secret_post

    I am grateful for any further suggestions.


    I have also tried with response type of id_token too with the same response…

    http://ap-chc-lt179:9090/AM-eval-6.5.1/oauth2/realms/root/realms/OpenIdcTest/authorize?client_id=OpenIdcTest&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3Dv99ygdGhfUxGeg_WVQyRUk2ZJyzjPe2_16Kxfd0pTqLIQ9zUwe5NntZS3nC7SpEkriyGeALqPg6b_qOhmbiBpRcAe0EP685J-Uj-y6MXVEjkDbB40shr0LcagHOrnqKr-GoEyZo_VzjV9ZNe9otSZtKCCdUb8jaE3YcjzqOMhVw&response_mode=form_post&nonce=637357300946805779.M2JkNTMzNGMtOGUxZS00MWFlLWI2ZmEtNThiOWMwNTg5N2FkMmM4NjFhNDMtMjQ4Zi00ZGYzLWI4MDItNDRjMTc5MTg1MGI1&redirect_uri=http%3A%2F%2Flocalhost%2FAxWebOrigination%2FOpenIdConnectCallback&x-client-SKU=ID_NET461&x-client-ver= HTTP/1.1


    Thanks everyone for your help. I just got it working. My problem was the scope was mismatched between ForgeRock and the OWIN configuration in C#. Once corrected I am able to redirect, log in and then receive a JWT token that I need for further processing.

    Once again thanks for your help.
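
An OWIN startup class that combines the points raised in this thread (realm-qualified discovery URL, explicitly set scope and response type), added here as an example and not code posted by anyone in the thread. It assumes Microsoft.Owin.Security.OpenIdConnect 4.x; the AM host, realm name, namespace and `/Error` route are placeholders, while ClientId and RedirectUri are taken from the requests shown above.

```csharp
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]
namespace SampleApp // hypothetical namespace
{
    public class Startup
    {
        // Placeholders (assumptions): replace with your AM host and realm name.
        private const string AmBase = "http://am.example.com:9090/AM-eval-6.5.1";
        private const string Realm = "YOUR_REALM";
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            // Realm-qualified base path, as described in the replies above.
            string realmBase = AmBase + "/oauth2/realms/root/realms/" + Realm;
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "OpenIdcTest",
                // Endpoints are read from the realm's discovery document.
                MetadataAddress = realmBase + "/.well-known/openid-configuration",
                RequireHttpsMetadata = false, // plain-HTTP eval install only; use HTTPS otherwise
                RedirectUri = "http://localhost/AxWebOrigination/OpenIdConnectCallback",
                // Set explicitly: middleware defaults are "code id_token" and "openid profile".
                ResponseType = OpenIdConnectResponseType.IdToken,
                Scope = OpenIdConnectScope.OpenId,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = n =>
                    {
                        // Log the failure server-side; show the user a generic page.
                        Trace.TraceError("OIDC sign-in failed: {0}", n.Exception);
                        n.HandleResponse();
                        n.Response.Redirect("/Error"); // hypothetical route
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

The values of `Scope` and `ResponseType` must match what is registered on the client profile in the realm, and `RedirectUri` must be listed among the client's redirection URIs.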


©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
