WSO2 Identity Server OpenId Connect Owin


Problem description

I'm trying to set up WSO2 Identity Server to use OpenID Connect. I have currently applied the following settings shown here: Setup WSO2.

What it boils down to is that I use the Resident Identity Provider and I have set up a Service Provider for my app "CoolApp".

I configured "OAuth/OpenID Connect Configuration" and set a callback URL.

Is there a simple example of how to use this in JavaScript?

I have played around with IdentityServer3, and they have a client, oidc-client.js, which works nicely in combination with IdentityServer3. However, I can't seem to get it working with WSO2 Identity Server.

I was going about the issue in the wrong way; what I actually wanted was to protect my website using the OWIN middleware like they tried here and here.

So now I have the following:

app.SetDefaultSignInAsAuthenticationType("ClientCookie");

// Local cookie that carries the signed-in identity once the OIDC handshake completes
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationMode = AuthenticationMode.Active,
    AuthenticationType = "ClientCookie",
    CookieName = CookieAuthenticationDefaults.CookiePrefix + "ClientCookie",
    ExpireTimeSpan = TimeSpan.FromMinutes(5)
});

// ***************************************************************************
// Approach 1 : ResponseType = "id_token token"
// ***************************************************************************
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    AuthenticationMode = AuthenticationMode.Active,
    AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
    SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType(),
    Authority = "https://localhost:9443/oauth2/",
    ClientId = "fgx4M5e27NJqgRIs8nu5aL7Jw3oa",
    ClientSecret = "dwGdRDCFY7Soa7CB5K5smkiuMmYa",
    RedirectUri = "http://localhost:57815/Account/ExternalLoginCallback/",
    ResponseType = "id_token token",
    Scope = "openid",

    // Endpoints supplied explicitly, so no discovery document is fetched
    Configuration = new OpenIdConnectConfiguration
    {
        AuthorizationEndpoint = "https://localhost:9443/oauth2/authorize",
        TokenEndpoint = "https://localhost:9443/oauth2/token",
        UserInfoEndpoint = "https://localhost:9443/oauth2/userinfo",
    },

    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = n =>
        {
            var token = n.ProtocolMessage.AccessToken;

            // persist access token in cookie
            if (!string.IsNullOrEmpty(token))
            {
                n.AuthenticationTicket.Identity.AddClaim(
                    new Claim("access_token", token));
            }
            return Task.FromResult(0);
        },

        AuthenticationFailed = notification =>
        {
            // Swallow a user-denied consent and send the browser back to the home page
            if (string.Equals(notification.ProtocolMessage.Error, "access_denied", StringComparison.Ordinal))
            {
                notification.HandleResponse();

                notification.Response.Redirect("/");
            }

            return Task.FromResult<object>(null);
        }
    }
});

I put a breakpoint in SecurityTokenValidated and AuthenticationFailed. I go to the page and get redirected to the WSO2 Identity Server as expected. When I log in and return to the page, neither of my breakpoints is hit and I'm not logged in.

I'm using WSO2 Identity Server 5.1.0.

@farasath, could you please help me and the others out? It looks like we are all running into the same issue and haven't found a solution yet.

During further investigation I found out that using the code flow with response_type = "code" will not work either, as the OIDC middleware doesn't support it (see here and here).

Found a suggestion by @pinpoint that ASP.NET Core does support this. But this is not really an option.

@Hos answered:

With WSO2 Identity Server 5.0.0 OpenID Connect, the "id_token" response type is not implemented.

I'm not getting the error response he mentioned in his post, but the results for me stay the same using these versions: the breakpoints never get hit. So now I'm wondering, should this actually work in 5.1.0 or in the 5.2.0-Beta, or is this still WIP?

@farasath, thank you for your reply. Here are the logs:

[2016-08-16 08:11:39,998] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Validate Client information request for client_id : fgx4M5e27NJqgRIs8nu5aL7Jw3oa and callback_uri http://localhost:57815/
[2016-08-16 08:11:40,074] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Registered App found for the given Client Id : fgx4M5e27NJqgRIs8nu5aL7Jw3oa ,App Name : CoolApp, Callback URL : http://localhost:57815/
[2016-08-16 08:11:50,948] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Authorization Request received for user : raymond@carbon.super, Client ID : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, Authorization Response Type : id_token token, Requested callback URI : http://localhost:57815/, Requested Scope : openid
[2016-08-16 08:11:50,967]  INFO {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The default OAuth token issuer will be used. No custom token generator is set.
[2016-08-16 08:11:50,985]  INFO {org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO} -  Thread pool size for session persistent consumer : 100
[2016-08-16 08:11:50,991] DEBUG {org.wso2.carbon.identity.oauth2.dao.TokenPersistenceTask} -  Access Token context persist consumer is started
... This one repeats about 100 times ...
[2016-08-16 08:11:51,031] DEBUG {org.wso2.carbon.identity.oauth2.authz.AuthorizationHandlerManager} -  Successfully created AppInfoCache under OAuthCacheManager
[2016-08-16 08:11:51,206] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Added OAuthAuthzReqMessageContext to threadlocal
[2016-08-16 08:11:52,180] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  No active access token found in cache for Client ID : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, User ID : raymond@carbon.super and Scope : openid
[2016-08-16 08:11:52,199] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  No access token found in database for Client ID : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, User ID : raymond@carbon.super and Scope : openid. Therefore issuing new access token
[2016-08-16 08:11:52,208] DEBUG {org.wso2.carbon.identity.oauth2.dao.TokenPersistenceTask} -  Access Token Data persisting Task is started to run
[2016-08-16 08:11:52,208] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  Persisted Access Token for Client ID : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, Authorized User : raymond@carbon.super, Timestamp : 2016-08-16 08:11:52.207, Validity period (s) : 3600, Scope : openid, Callback URL : http://localhost:57815/, Token State : ACTIVE and User Type : APPLICATION_USER
[2016-08-16 08:11:52,233] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  Access Token was added to OAuthCache for cache key : fgx4M5e27NJqgRIs8nu5aL7Jw3oa:raymond@carbon.super:openid
[2016-08-16 08:11:52,298] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Cleared OAuthAuthzReqMessageContext

The second time I ran it, I got this log:

[2016-08-16 08:30:17,216] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Validate Client information request for client_id : fgx4M5e27NJqgRIs8nu5aL7Jw3oa and callback_uri http://localhost:57815/
[2016-08-16 08:30:17,222] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Registered App found for the given Client Id : fgx4M5e27NJqgRIs8nu5aL7Jw3oa ,App Name : CoolApp, Callback URL : http://localhost:57815/
[2016-08-16 08:30:23,178] DEBUG {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Authorization Request received for user : raymond@carbon.super, Client ID : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, Authorization Response Type : id_token token, Requested callback URI : http://localhost:57815/, Requested Scope : openid
[2016-08-16 08:30:23,189] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Added OAuthAuthzReqMessageContext to threadlocal
[2016-08-16 08:30:23,195] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  Retrieved active Access Token for Client Id : fgx4M5e27NJqgRIs8nu5aL7Jw3oa, User ID :raymond@carbon.super and Scope : openid from cache
[2016-08-16 08:30:23,203] DEBUG {org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler} -  Access Token is valid for another 3264638ms
[2016-08-16 08:30:23,218] DEBUG {org.wso2.carbon.identity.oauth2.util.OAuth2Util} -  Cleared OAuthAuthzReqMessageContext


Now I changed my redirect URI to: RedirectUri = "http://localhost:57815/Account/ExternalLoginCallback/",

and loginInfo in that function is always null: var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

Googled around and found this post where someone was having similar problems.

Used Fiddler to look at the callback; it looks like a cookie has been set.

So now I'm left with the following situation:

  • The breakpoint in SecurityTokenValidated is never hit
  • The breakpoint in AuthenticationFailed is never hit
  • var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(); in my callback is always null

Recommended answer

The reason for this is that the OWIN middleware is expecting the OAuth response in OAuth 2.0 Form Post Response Mode [1], which is an optional spec, and only Identity Server 5.2.0 (with a patch) upwards supports this.

[1] http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
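The answer's point, as an added example that is not code from the question, the answer, or WSO2 Identity Server: with response_type "id_token token" the default response mode is the URL fragment, which the browser never sends to the server, so a server-side callback (such as the OWIN middleware's) receives nothing and no notification fires; form_post mode delivers the same parameters as a POST body the server can validate. Python is used rather than the question's C# so the block runs stand-alone. The authorize endpoint and callback URL are the ones in the post; the client id, state, nonce and tokens are constructed placeholders, and the sample id_token is an unsigned stand-in whose signature is not checked here.

```python
# Added example (not code from the post or from WSO2 IS): why a response_type of
# "id_token token" never reaches a server-side OIDC callback unless the IdP
# returns it in OAuth 2.0 Form Post Response Mode, and what the callback should
# check once the POST does arrive. Client id, state, nonce and token values are
# placeholders constructed for this example.
import base64
import json
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"  # endpoint named in the post
CLIENT_ID = "<client-id>"                                      # placeholder
REDIRECT_URI = "http://localhost:57815/"                       # callback URL seen in the logs


def build_authorization_request(state: str, nonce: str, response_mode: Optional[str] = None) -> str:
    """Authorization request for the implicit/hybrid flow the post uses.

    Without response_mode, "id_token token" defaults to the URL fragment;
    response_mode=form_post asks the IdP to POST the parameters to redirect_uri.
    """
    params = {
        "response_type": "id_token token",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,   # binds the response to this browser session (CSRF)
        "nonce": nonce,   # must come back inside the id_token (replay)
    }
    if response_mode:
        params["response_mode"] = response_mode
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def server_sees_from_redirect(redirect_url: str) -> Dict[str, str]:
    """Parameters a server receives when the browser follows a 302 to redirect_url.

    Browsers do not transmit the fragment (everything after '#'), so a fragment
    response leaves the server-side callback with nothing to validate.
    """
    return {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}


def id_token_nonce(id_token: str) -> Optional[str]:
    """Read the nonce claim from the id_token payload.

    This only decodes; it does not verify the signature. A real client verifies
    the JWS against the IdP's published keys before trusting any claim.
    """
    _header, payload, _signature = id_token.split(".")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded)).get("nonce")


def parse_form_post_callback(form_body: str, expected_state: str, expected_nonce: str) -> Dict[str, object]:
    """Handle the application/x-www-form-urlencoded body of a form_post response."""
    fields = {k: v[0] for k, v in parse_qs(form_body, keep_blank_values=True).items()}
    if "error" in fields:
        return {"ok": False, "error": fields["error"]}
    # Constant-time comparison of the state we issued against the one returned.
    if not secrets.compare_digest(fields.get("state", ""), expected_state):
        return {"ok": False, "error": "state_mismatch"}
    for required in ("id_token", "access_token"):
        if required not in fields:
            return {"ok": False, "error": f"missing_{required}"}
    if id_token_nonce(fields["id_token"]) != expected_nonce:
        return {"ok": False, "error": "nonce_mismatch"}
    return {"ok": True, "id_token": fields["id_token"], "access_token": fields["access_token"]}


def make_sample_id_token(nonce: str) -> str:
    """Constructed JWT-shaped token for the demo; the signature part is a dummy."""
    def b64url(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64url({'alg': 'RS256'})}.{b64url({'iss': AUTHORIZE_ENDPOINT, 'nonce': nonce})}.dummysig"


def demo() -> Tuple[Dict[str, str], Dict[str, object]]:
    """Contrast the two response modes for the same authorization request."""
    state, nonce = "st-123", "nc-456"   # constructed; use secrets.token_urlsafe() in practice
    id_token = make_sample_id_token(nonce)

    # Default (fragment) mode: the IdP redirects the browser to
    #   http://localhost:57815/#access_token=...&id_token=...&state=...
    fragment_redirect = f"{REDIRECT_URI}#access_token=at-789&id_token={id_token}&state={state}"
    seen_by_server = server_sees_from_redirect(fragment_redirect)   # -> {}

    # form_post mode: the IdP returns an auto-submitting form that POSTs the same
    # parameters to redirect_uri; this body is what server-side middleware can process.
    form_body = urlencode({"access_token": "at-789", "id_token": id_token, "state": state})
    result = parse_form_post_callback(form_body, state, nonce)
    return seen_by_server, result


if __name__ == "__main__":
    print(demo())
```

Running the block prints an empty dict for the fragment case beside a successful parse of the form_post body; the state and nonce checks are the minimum a callback should perform before accepting tokens delivered this way.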

