Unable to obtain configuration from: '/.well-known/openid-configuration' when hosted on IIS #628
Hi, The exception seems very clear to me: Usually, it's better not to set this property and simply set (note: it's not specific to OpenIddict as the JWT bearer handler is not developed here and maintained by Microsoft). |
Thanks for the response.
New Error:
The configuration endpoint is working:
The certificate I'm using is valid, I reused the one from the Windows store as PFX: |
And all that is working on my local machine without any problem |
sorry, wrong button |
I just deployed the application to the IIS on my Win7 dev machine and it's working there as well. |
No idea. It's clearly not an OpenIddict issue so I suggest pinging the ASP.NET folks if you need assistance with TLS or with how to register your TLS certificate: https://github.com/aspnet/Home |
I now tried to load the certificate directly from the store:
I tested several different certificates which all are valid and working for SSL. |
It really has nothing to do with the signing certificate (only used by OpenIddict to... sign tokens). It's a transport security issue: for some reason, your TLS certificate - used to encrypt the HTTP/TCP communications - is not considered valid by your system. It's not an OpenIddict problem. |
Ok, maybe the problem is that on the server we have dotnet 4.6.1 and the solution target is net47... sadly I have to wait until the beginning of next week until the infrastructure team has installed the new version on the test server... I'm not allowed to do that :-( So I'll close this issue, and if I somehow find a fix I'll add the info here. |
The .NET version was not the problem. |
@muehan, did you resolve this issue? |
@lutvdh Sorry for the late response. Yes, as mentioned in the comment before, the intermediate certificate was not installed in the intermediate store. It was in the personal store. So in the certificate manager the cert and the chain were shown as valid, but the browser was not able to verify the certificate chain because it did not find the intermediate cert in the intermediate store. Moving the cert into the right place fixed my problem. |
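A way to check a Windows host for the misplacement described in the comment above, as an added example that is not part of the original thread or of OpenIddict. It assumes the certificates live under the `LocalMachine` store location (the thread does not say which) and matches issuers by subject name only, which is a simplification.

```powershell
# Added example, not from the thread. Read-only: it only lists certificates.
# Assumption: certificates are in the LocalMachine location; use 'CurrentUser' otherwise.
$location = 'LocalMachine'

$personal     = @(Get-ChildItem "Cert:\$location\My")    # Personal
$intermediate = @(Get-ChildItem "Cert:\$location\CA")    # Intermediate Certification Authorities
$trustedRoot  = @(Get-ChildItem "Cert:\$location\Root")  # Trusted Root Certification Authorities

# Returns $true when any certificate in $Store has the given subject name.
# Simplification: a strict check would compare key identifiers, not names.
function Test-SubjectInStore($Store, $Name) {
    [bool]($Store | Where-Object { $_.Subject -eq $Name })
}

$report = foreach ($cert in $personal | Where-Object HasPrivateKey) {
    # Self-signed certificates have no separate issuer to look for.
    if ($cert.Subject -eq $cert.Issuer) { continue }

    $inIntermediate = Test-SubjectInStore $intermediate $cert.Issuer
    $inRoot         = Test-SubjectInStore $trustedRoot  $cert.Issuer
    $inPersonal     = Test-SubjectInStore $personal     $cert.Issuer

    [pscustomobject]@{
        Subject              = $cert.Subject
        Issuer               = $cert.Issuer
        IssuerInIntermediate = $inIntermediate
        IssuerInRoot         = $inRoot
        IssuerInPersonal     = $inPersonal
        # The situation from the thread: issuer present, but only in Personal.
        Misplaced            = $inPersonal -and -not ($inIntermediate -or $inRoot)
    }
}

$report | Format-List
```

A row with `Misplaced : True` means the issuing certificate sits in the Personal store and is absent from the Intermediate store.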
Confirm the issue on .NET 6, Windows 10 (doesn't happen on macOS and Linux). |
Hi
I use Version:
OpenIddict 2.0.0-rc2-final
OpenIddict.EntityFrameworkCore 2.0.0-rc2-final
OpenIddict.Mvc 2.0.0-rc2-final
with the following configuration:
OpenIddict is included in my API, also my SpaClient runs inside this single Application.
If I run this in my Visual Studio with IISExpress everything works fine.
But on my Test Server I have this error:
I tried different configurations for the MetadataAddress but nothing works.
Local and on the server I can open the endpoint "/.well-known/openid-configuration" without any problem.
I also tried to remove the IP binding from the website as described here: #509
sadly with no success.
Any idea what is wrong?
After 2 days of trial and error on this single problem I've run out of ideas...