CorsOrigins and RedirectUrls for SaaS tenantes #5819

9 Answer(s)

• 

  0

  maliming created 7 months ago

  Support Team Fullstack Developer

  hi

  PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
  {
      options.EnableWildcardDomainSupport = true;
      options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
  });
  

  Save Cancel
• 

  0

  rogercprops created 7 months ago

  Hi,

  Thanks.

  It worked for the Redirect Url but not the PostLogoutRedirectUrls.

  Here's the error from the logs: [13:16:29 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:16:29 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.

  And this is the code in the authserver module:

          {
              options.EnableWildcardDomainSupport = true;
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/silent-refresh");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/login");
              options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/signout-callback-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:9000/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:9000/auth/signout-callback-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:44321/signin-oidc");
              options.WildcardDomainsFormat.Add("https://{0}:44321/signout-callback-oidc");
          });
  

  Am I missing something?

  Save Cancel
• 

  0

  maliming created 7 months ago

  Support Team Fullstack Developer

  hi

  Please try to clear the redis and try again, then share the full logs. Thanks

  Save Cancel
• 

  0

  rogercprops created 7 months ago

  Here it is: [13:42:17 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - [13:42:17 INF] CORS policy execution successful. [13:42:17 INF] The request URI matched a server endpoint: Configuration. [13:42:17 INF] The configuration request was successfully extracted: {}. [13:42:17 INF] The configuration request was successfully validated. [13:42:17 INF] The response was successfully returned as a JSON document: { "issuer": "https://authserver.cloverleafcms.dev/", "authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/authorize", "token_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/token", "introspection_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/introspect", "end_session_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/logout", "revocation_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/revocat", "userinfo_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/userinfo", "device_authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/device", "jwks_uri": "https://auth.txguardians.cloverleafcms.dev/.well-known/jwks", "grant_types_supported": [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code", "LinkLogin", "Impersonation" ], "response_types_supported": [ "code", "code id_token", "code id_token token", "code token", "id_token", "id_token token", "token", "none" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access", "email", "profile", "phone", "roles", "address", "AccountService", "IdentityService", "AdministrationService", "SaasService", "ClientService", "ServicesService", "ClientServiceQueryService", "UserInfoQueryService" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "introspection_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "revocation_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }. [13:42:17 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2313 application/json;charset=UTF-8 8.9659ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - [13:42:18 INF] The request URI matched a server endpoint: Logout. [13:42:18 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:42:18 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login. [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - - 302 0 - 3.9412ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [13:42:18 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 36.7005ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 44.9802ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 58.0027ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - - 304 - text/css 0.6481ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - - 304 - application/javascript 0.9618ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 2.6807ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - - 200 158 application/javascript 24.4625ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - - 302 0 - 13.6779ms [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 84.8822ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - - 200 8397 application/javascript 99.8249ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml. [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 185.967ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 75987 application/javascript 207.3579ms [13:42:18 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 40.9456ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 49.9008ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 72.4962ms

  Save Cancel
• 

  0

  maliming created 7 months ago

  Support Team Fullstack Developer

  hi

  We have the AbpValidateClientPostLogoutRedirectUri to skip the validation. Can you try to debug this by adding your AbpValidateClientPostLogoutRedirectUri?

  https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs#L8 https://github.com/abpframework/abp/blob/f851999604193491b52ba72f19a289aa098536c3/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L126C1-L127

  Save Cancel
• 

  0

  rogercprops created 7 months ago

  Hi,

  Can you be more specific about what you mean? It's not real clear from the link to the source code.

  Thank you

  Save Cancel
• 

  0

  maliming created 7 months ago

  Support Team Fullstack Developer

  Create a new class by copying the code form AbpValidateClientPostLogoutRedirectUri

  Add your class to event handles.

  builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri.Descriptor);
  builder.RemoveEventHandler(AbpValidateClientPostLogoutRedirectUri.Descriptor);
  builder.AddEventHandler(MyAbpValidateClientPostLogoutRedirectUri.Descriptor);
  

  Save Cancel
• 

  1

  rogercprops created 7 months ago

  Where specifically do I put these lines of code? What service or application? What cs file? etc.

  Save Cancel
• 

  0

  maliming created 7 months ago

  Support Team Fullstack Developer

  hi

  PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
  {
      serverBuilder.RemoveEventHandler
  });
  

  https://github.com/abpframework/abp/blob/92f19b86588980f95cdb0e9a6d85a207bfb43126/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L120-L133

  Save Cancel