Tagged: ASP.NET Core 1.0., openam
This topic has 3 replies, 2 voices, and was last updated 6 years ago by shurman.cai.
July 15, 2016 at 8:53 am #12029
shurman.cai
Participant

I am trying to use OpenAM as an OpenID Connect provider, just like Google or Facebook as an OpenID Connect provider.
I have configured OpenAM as http://openam.contoso.com/openam.
I can log in to OpenAM as amadmin through http://openam.contoso.com/openam/XUI/#login/
I have created an OAuth 2.0/OpenID Connect client, the clientId: ASPNETClient, client password: Pa$$w0rd as the client secret. The redirect_url is http://localhost:5000/signin-oidc
scope: openid profile email

I have used Visual Studio 2015 Community version Update 3 to generate a web application with individual authentication. I have added "google", "facebook" external login and as well "openam" as external login.
The "openam" will use "app.UseOpenIdConnectAuthentication", which is similar to google and facebook as external login. I created a simple ASP.NET Core 1.0 web application using OpenAM as one of the external login providers.
I can simply get google and facebook as external login using a few lines of code, but I can't successfully use OpenAM as the external login. There is no problem when clicking the "facebook" or "google" external login.
In my program web page http://localhost:5000/, I can click the external login button "Openam", which successfully opens the "http://openam.contoso.com/openam/XUI/#login/" login interface, then I can type the user name user.0 and password to log in, and I can set "Allow" when the application requests the following private information.
However, after that I got:

"An unhandled exception occurred while processing the request.
HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
MoveNext
AggregateException: Unhandled remote failure. (Response status code does not indicate success: 400 (Bad Request).)
MoveNext"

The program failed on the _signInManager.Configure…..
{code}
// POST: /Account/ExternalLogin
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
    // Request a redirect to the external login provider.
    var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl });
    // Builds the AuthenticationProperties (including the return URL) for the chosen scheme.
    var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    // Challenge the named scheme ("Openam", "Google", ...) so its middleware redirects to the provider.
    return Challenge(properties, provider);
}
{code}
Has anyone tried to use OpenAM as an OpenID Connect provider in an ASP.NET web application?
How does "Microsoft.AspNetCore.Authentication.OpenIdConnect" process the redirect_uri "/signin-oidc"?

July 15, 2016 at 3:46 pm #12046
Warren Strange
Participant

I'd suggest:
– Look at the browser payload (use Chrome dev tools, etc.) to see what OpenAM is sending back
– Look at the OpenAM debug logs to see if any errors are logged.

July 16, 2016 at 2:15 am #12056
shurman.cai
Participant

Chrome does not work when "cors" is enabled in OpenAM 13; the login page hangs on "loading….".

This reply was modified 6 years ago by shurman.cai.

July 19, 2016 at 3:04 am #12072
shurman.cai
Participant

I got it to work now. The key point is the response type: options.ResponseType = "id_token"; I have used "code" before.
In "public void ConfigureServices(IServiceCollection services)" I add the following code:
{code}
// Namespaces needed in Startup.cs for the fragments below:
// System, System.Security.Claims, System.Threading.Tasks,
// Microsoft.AspNetCore.Authentication.Cookies, Microsoft.AspNetCore.Authentication.OpenIdConnect,
// Microsoft.AspNetCore.Builder, Microsoft.AspNetCore.Http,
// Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.Options
services.AddAuthentication(
    options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

// Configure OIDC Options
services.Configure<OpenIdConnectOptions>(options =>
{
    options.AutomaticChallenge = true;
    options.AuthenticationScheme = "Openam";
    options.MetadataAddress = "http://openam.contoso.com/openam/oauth2/.well-known/openid-configuration";
    options.ClientId = Configuration["openam:clientId"];
    options.ClientSecret = Configuration["openam:clientSecret"];

    options.Scope.Add("openid");
    options.Scope.Add("email");
    options.Scope.Add("profile");
    // Allows the plain-http MetadataAddress above to be fetched (no TLS on the lab OpenAM).
    options.RequireHttpsMetadata = false;
    // Response type "id_token" (implicit flow); "code" was used before and failed with 400.
    options.ResponseType = "id_token";
    options.GetClaimsFromUserInfoEndpoint = true;

    options.Events = new OpenIdConnectEvents
    {
        OnRemoteFailure = context =>
        {
            // URL-encode the failure message before placing it in the query string, and mark the
            // response as handled so the middleware does not rethrow the failure as an exception.
            context.Response.Redirect("/AccessDenied?error=" + Uri.EscapeDataString(context.Failure.Message));
            context.HandleResponse();
            return Task.FromResult(0);
        },
        OnTicketReceived = context =>
        {
            // OpenAM delivers the display name in the "name" claim; copy it to ClaimTypes.Name
            // so that User.Identity.Name is populated for ASP.NET Core Identity.
            var identity = context.Principal.Identity as ClaimsIdentity;
            if (identity != null)
            {
                if (!context.Principal.HasClaim(c => c.Type == ClaimTypes.Name) &&
                    identity.HasClaim(c => c.Type == "name"))
                    identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst("name").Value));
            }
            return Task.FromResult(0);
        }
    };
});
{code}
In "public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)" I added the following code:
{code}
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    LoginPath = new PathString("/Account/Login"),
    LogoutPath = new PathString("/Account/Logout")
});

// Resolve the options registered in ConfigureServices and register the OIDC middleware with them.
var options = app.ApplicationServices.GetRequiredService<IOptions<OpenIdConnectOptions>>();
app.UseOpenIdConnectAuthentication(options.Value);
{code}
This reply was modified 6 years ago by shurman.cai.
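The final post pins the fix on the response type, but the middleware's first step is to fetch the discovery document at the MetadataAddress and check that the provider advertises what the client asks for. The following Python script is an added example, not code from the thread or from OpenAM, that performs that check offline: it validates a discovery document against the settings in the post above (ResponseType, the three scopes, GetClaimsFromUserInfoEndpoint and RequireHttpsMetadata = false). The discovery JSON embedded in it is constructed for the example, with endpoint URLs under the http://openam.contoso.com/openam/oauth2 prefix from the thread; it is not a captured OpenAM response.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document (illustrative values, not a captured response).
# The real one is served from the MetadataAddress used in the thread:
# http://openam.contoso.com/openam/oauth2/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://openam.contoso.com/openam/oauth2",
    "authorization_endpoint": "http://openam.contoso.com/openam/oauth2/authorize",
    "token_endpoint": "http://openam.contoso.com/openam/oauth2/access_token",
    "userinfo_endpoint": "http://openam.contoso.com/openam/oauth2/userinfo",
    "jwks_uri": "http://openam.contoso.com/openam/oauth2/connect/jwk_uri",
    "response_types_supported": ["code", "id_token", "code id_token", "token"],
    "scopes_supported": ["openid", "profile", "email", "address", "phone"],
})

# Endpoint-bearing keys whose scheme is inspected when https is required.
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def normalize_response_type(value):
    """The order of space-separated response_type tokens is not significant,
    so "id_token code" and "code id_token" must compare equal."""
    return " ".join(sorted(value.split()))


def check_discovery(doc_json, response_type, scopes, use_userinfo=True, require_https=True):
    """Return a list of problems found when matching a discovery document against
    the client settings; an empty list means the settings are consistent with it."""
    doc = json.loads(doc_json)
    problems = []

    # Every OIDC flow needs these three.
    for key in ("issuer", "authorization_endpoint", "jwks_uri"):
        if key not in doc:
            problems.append(f"missing {key}")

    # Any response_type containing "code" performs a back-channel exchange at the token endpoint.
    if "code" in response_type.split() and "token_endpoint" not in doc:
        problems.append("missing token_endpoint (needed for response_type containing 'code')")

    # GetClaimsFromUserInfoEndpoint = true needs a userinfo endpoint to call.
    if use_userinfo and "userinfo_endpoint" not in doc:
        problems.append("missing userinfo_endpoint (GetClaimsFromUserInfoEndpoint is on)")

    supported = {normalize_response_type(rt) for rt in doc.get("response_types_supported", [])}
    if normalize_response_type(response_type) not in supported:
        problems.append(f"response_type '{response_type}' not in response_types_supported")

    for scope in scopes:
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope '{scope}' not advertised")

    # RequireHttpsMetadata = true (the default) rejects non-https metadata; report every http URL.
    if require_https:
        for key in ENDPOINT_KEYS:
            url = doc.get(key)
            if url and urlparse(url).scheme != "https":
                problems.append(f"{key} is not https: {url}")

    return problems


if __name__ == "__main__":
    # Settings from the final post: id_token, openid/email/profile, RequireHttpsMetadata = false.
    print(check_discovery(SAMPLE_DISCOVERY, "id_token", ["openid", "email", "profile"],
                          require_https=False))
    # Same document with the default https requirement: every http endpoint is reported.
    for problem in check_discovery(SAMPLE_DISCOVERY, "id_token", ["openid"]):
        print(problem)
```

To run it against a live server, fetch the JSON from the MetadataAddress (for example with urllib.request) and pass the body to check_discovery in place of SAMPLE_DISCOVERY. The https pass lists exactly what RequireHttpsMetadata = false is switching off, which makes the scope of that setting visible before it is carried into a non-lab deployment.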