CorsOrigins and RedirectUrls for SaaS tenantes #5819

9 Answer(s)

• 

  0

  maliming created 2 years ago

  Support Team Fullstack Developer

  hi

  PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
  {
      options.EnableWildcardDomainSupport = true;
      options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
  });
  

  Save Cancel
• 

  0

  rogercprops created 2 years ago

  Hi,

  Thanks.

  It worked for the Redirect Url but not the PostLogoutRedirectUrls.

  Here's the error from the logs:
  [13:16:29 INF] The logout request was successfully extracted: {
  "id_token_hint": "[redacted]",
  "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login"
  }.
  [13:16:29 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.

  And this is the code in the authserver module:

          {
              options.EnableWildcardDomainSupport = true;
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/silent-refresh");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/login");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/signout-callback-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:9000/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:9000/auth/signout-callback-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:44321/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:44321/signout-callback-oidc");
          });
  

  Am I missing something?

  Save Cancel
• 

  0

  maliming created 2 years ago

  Support Team Fullstack Developer

  hi

  Please try to clear the redis and try again, then share the full logs. Thanks

  Save Cancel
• 

  0

  rogercprops created 2 years ago

  Here it is:
  [13:42:17 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - -
  [13:42:17 INF] CORS policy execution successful.
  [13:42:17 INF] The request URI matched a server endpoint: Configuration.
  [13:42:17 INF] The configuration request was successfully extracted: {}.
  [13:42:17 INF] The configuration request was successfully validated.
  [13:42:17 INF] The response was successfully returned as a JSON document: {
  "issuer": "https://authserver.cloverleafcms.dev/",
  "authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/authorize",
  "token_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/token",
  "introspection_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/introspect",
  "end_session_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/logout",
  "revocation_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/revocat",
  "userinfo_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/userinfo",
  "device_authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/device",
  "jwks_uri": "https://auth.txguardians.cloverleafcms.dev/.well-known/jwks",
  "grant_types_supported": [
  "authorization_code",
  "implicit",
  "password",
  "client_credentials",
  "refresh_token",
  "urn:ietf:params:oauth:grant-type:device_code",
  "LinkLogin",
  "Impersonation"
  ],
  "response_types_supported": [
  "code",
  "code id_token",
  "code id_token token",
  "code token",
  "id_token",
  "id_token token",
  "token",
  "none"
  ],
  "response_modes_supported": [
  "form_post",
  "fragment",
  "query"
  ],
  "scopes_supported": [
  "openid",
  "offline_access",
  "email",
  "profile",
  "phone",
  "roles",
  "address",
  "AccountService",
  "IdentityService",
  "AdministrationService",
  "SaasService",
  "ClientService",
  "ServicesService",
  "ClientServiceQueryService",
  "UserInfoQueryService"
  ],
  "claims_supported": [
  "aud",
  "exp",
  "iat",
  "iss",
  "sub"
  ],
  "id_token_signing_alg_values_supported": [
  "RS256"
  ],
  "code_challenge_methods_supported": [
  "S256"
  ],
  "subject_types_supported": [
  "public"
  ],
  "token_endpoint_auth_methods_supported": [
  "client_secret_basic",
  "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
  "client_secret_basic",
  "client_secret_post"
  ],
  "revocation_endpoint_auth_methods_supported": [
  "client_secret_basic",
  "client_secret_post"
  ],
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true
  }.
  [13:42:17 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2313 application/json;charset=UTF-8 8.9659ms
  [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - -
  [13:42:18 INF] The request URI matched a server endpoint: Logout.
  [13:42:18 INF] The logout request was successfully extracted: {
  "id_token_hint": "[redacted]",
  "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login"
  }.
  [13:42:18 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.
  [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - - 302 0 - 3.9412ms
  [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - -
  [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
  [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [13:42:18 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 36.7005ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 44.9802ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 58.0027ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - - 304 - text/css 0.6481ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - - 304 - application/javascript 0.9618ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
  [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
  [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 2.6807ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - - 200 158 application/javascript 24.4625ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - - 302 0 - 13.6779ms [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 84.8822ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - - 200 8397 application/javascript 99.8249ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
  [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
  [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript
  [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 185.967ms
  [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
  [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 75987 application/javascript 207.3579ms
  [13:42:18 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 40.9456ms.
  [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 49.9008ms
  [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
  [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 72.4962ms

  Save Cancel
• 

  0

  maliming created 2 years ago

  Support Team Fullstack Developer

  hi

  We have the AbpValidateClientPostLogoutRedirectUri to skip the validation. Can you try to debug this by adding your AbpValidateClientPostLogoutRedirectUri?

  https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs#L8
  https://github.com/abpframework/abp/blob/f851999604193491b52ba72f19a289aa098536c3/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L126C1-L127

  Save Cancel
• 

  0

  rogercprops created 2 years ago

  Hi,

  Can you be more specific about what you mean? It's not real clear from the link to the source code.

  Thank you

  Save Cancel
• 

  0

  maliming created 2 years ago

  Support Team Fullstack Developer

  Create a new class by copying the code form AbpValidateClientPostLogoutRedirectUri

  Add your class to event handles.

  builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri.Descriptor);
  builder.RemoveEventHandler(AbpValidateClientPostLogoutRedirectUri.Descriptor);
  builder.AddEventHandler(MyAbpValidateClientPostLogoutRedirectUri.Descriptor);
  

  Save Cancel
• 

  1

  rogercprops created 2 years ago

  Where specifically do I put these lines of code? What service or application? What cs file? etc.

  Save Cancel
• 

  0

  maliming created 2 years ago

  Support Team Fullstack Developer

  hi

  PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
  {
      serverBuilder.RemoveEventHandler
  });
  

  https://github.com/abpframework/abp/blob/92f19b86588980f95cdb0e9a6d85a207bfb43126/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L120-L133

  Save Cancel