Getting Correlation Failure whenever returning from authorizing against an external provider #2115

Closed
adrian-heath opened this Issue Feb 28, 2018 · 9 comments

adrian-heath commented Feb 28, 2018

I am attempting to set up external authorization against OpenID endpoints for Azure AD B2c and IDPee. In both cases I can navigate to the appropriate login pages from the Identity Server login page, but on return I get Correlation Failure.

I've tried various googled suggestions to fix the issue but none worked, so I wasn't sure what to try next or whether it was a bug.

This is a sample of the B2C registration I am using

            .AddOpenIdConnect("AADB2C", "AAD B2C (adrian.test)", options =>
            {
                options.MetadataAddress = String.Format(aadInstance, aadTenant, aadDefaultPolicy);
                options.ClientId = aadClientId;

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name"
                };

                options.RemoteAuthenticationTimeout = TimeSpan.FromMinutes(1020);
            });

and this is the main setup

        services.AddIdentityServer()
            .AddCertificateFromFile()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddCustomUserStore();

This is the relevant bit from the IS server log. When logging in using a local login against my custom user store everything succeeds and is working correctly. It is only the process of logging in against an external provider that is causing issues.

Hopefully someone can suggest something to resolve this correlation error. I have already tried a number of googled suggestions including setting the SignInScheme with no luck.

2018-02-28 15:35:10.677 +00:00 [INF] AuthenticationScheme: AADB2C was challenged.
2018-02-28 15:35:13.010 +00:00 [WRN] .AspNetCore.Correlation. state property not found.
2018-02-28 15:35:13.011 +00:00 [INF] Error from RemoteAuthentication: Correlation failed..
2018-02-28 15:35:13.013 +00:00 [ERR] An unhandled exception has occurred while executing the request
System.Exception: Correlation failed.
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.BaseUrlMiddleware.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.d__7.MoveNext()

Member

leastprivilege commented Mar 6, 2018

This is really a question for Microsoft since it is their authentication handler. But I have seen similar problems when you have more than one OIDC handler in DI and you don't set a unique callback path for each of them.

adrian-heath commented Mar 6, 2018

Thanks. I removed all but 1 provider and still get a correlation error.

Is there an easy way to set up IdentityServer to support a different callback path for each provider? Currently it is just set to Login2/signin-oidc. Login2 is where Identity Server is hosted.

Member

leastprivilege commented Mar 7, 2018

That's not an IdentityServer configuration - it's all done in the authentication handler.

Try setting up your handler in a plain asp.net core app without IdentityServer - once this is working, copy it over.
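
A minimal sketch of the setup suggested above, as an added example that is not code from this thread or from IdentityServer: a plain ASP.NET Core 2.x app with two OpenID Connect handlers, each given its own `CallbackPath` instead of the shared default `/signin-oidc`. The second scheme name, the metadata URLs and the client ids are placeholders, and each path must also be registered as a redirect URI at its provider.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie()
            .AddOpenIdConnect("AADB2C", "AAD B2C", options =>
            {
                // Placeholder values: substitute the real tenant metadata and client id.
                options.MetadataAddress = "https://idp-one.example.invalid/.well-known/openid-configuration";
                options.ClientId = "client-id-placeholder-1";
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                // A remote handler only processes requests whose path equals its
                // CallbackPath. Giving each scheme its own path ensures the response
                // is read by the handler that issued the challenge and set the
                // correlation cookie.
                options.CallbackPath = "/signin-aadb2c";

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name"
                };
            })
            .AddOpenIdConnect("SecondIdp", "Second provider (hypothetical)", options =>
            {
                options.MetadataAddress = "https://idp-two.example.invalid/.well-known/openid-configuration";
                options.ClientId = "client-id-placeholder-2";
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.CallbackPath = "/signin-second"; // must differ from every other handler
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Authentication runs before MVC so the callback paths are intercepted here.
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```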

brockallen closed this Mar 14, 2018

OscarCanek commented Apr 16, 2018

Is there any update or some related issue? I'm getting the same problem.

davdev82 commented Apr 18, 2018

I am having the same error: ".AspNetCore.Correlation. state property not found". It does not happen all the time, but when it does none of our customers can log in and the page is stuck at "/signin-oidc". The only way out is to recycle the app pool. We do not have multiple OIDC handlers configured.

I have noticed that the version of the OIDC middleware has been upgraded to 2.0.3, so it might be worth trying that approach to see if it fixes the intermittent errors.

frankyvij commented May 4, 2018

Hey, is there any update on the issue yet? We are facing the same problem.

Leanwit commented Jun 15, 2018

Same here, any update?

Shomlings commented Jun 25, 2018

@frankyvij @Leanwit @adrian-heath @OscarCanek Does anyone have a solution? I have the same problem.

Leanwit commented Jun 25, 2018

Hi @Shomlings.
Yes, I resolved my problem. You can check my specific problem and how I resolved it in okta/okta-sdk-dotnet#206.

"My site in stage environment it's a http site but resolve https in amazon web server so okta has got http request uri when it's a https externally."

I hope it helps
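
For the situation quoted above, where TLS ends at a proxy and the app itself sees plain http, one common ASP.NET Core approach is the forwarded-headers middleware (an added example, not the fix from the linked issue and not code from this thread). The proxy address is a constructed placeholder; forwarded headers are honoured only from the proxies listed, so a client cannot set the scheme itself.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Take the original client address and scheme (http/https) from the
            // X-Forwarded-For and X-Forwarded-Proto headers added by the proxy.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Constructed placeholder: the internal address of the TLS-terminating
            // proxy or load balancer. Requests arriving from any other address
            // keep the scheme the app actually observed.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication: the OpenID Connect handler builds its
        // redirect_uri from Request.Scheme and Request.Host, so the scheme has to
        // be corrected to https before the challenge is issued.
        app.UseForwardedHeaders();

        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```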
