
How to allow cross domain cookies in ABP identity server? #4357


abhichan26 created

Our client application is https://rise-test, our identity server is https://rise-identity-test, and our API host is https://api-internal-test/rise; the API gateway is https://api-internal-test and the endpoints are in the rise folder.

We are able to deploy the three services, but IdentityServer is throwing an error when we try to log in: “The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.”

We followed the steps in the article (https://www.thinktecture.com/en/identityserver/prepare-your-identityserver/) and the issue is still not resolved.

How do we solve this error?


9 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    You can try this.

    https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n

  • abhichan26 created

    > hi
    >
    > You can try this.
    >
    > https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n

    Ours is a tiered application with Blazor Web Assembly as the UI framework.

      • ABP Framework version: v5.3
      • UI type: Blazor Web Assembly
      • DB provider: EF Core
      • Tiered: Yes
      • Identity Server Separated: yes
      • Exception message and stack trace:
      • Steps to reproduce the issue:

    Can you please give an example for Blazor Web Assembly like you have given for MVC? Also, do we need to make any change in API Host and Identity Server?

  • maliming created
    Support Team Fullstack Developer

    hi

    The changes only need to be applied to the Identity Server (AuthServer) project.

  • abhichan26 created

    > hi
    >
    > The changes only need to be applied to the Identity Server (AuthServer) project.

    Hi, thanks. We incorporated the changes suggested.

    It is getting redirected but getting the error message "There was an error trying to log you in: ''"

    Also, in the console we are getting the error below even though all 3 (website, API host and Identity Server) are over 'https'.

    Can you please tell us how to resolve this and why some of the requests are insecure?

    Mixed Content: The page at 'https://rise-test/' was loaded over HTTPS, but requested an insecure frame 'http://rise-identity-test.sgicorp.spencergifts.com/connect/authorize?client_id=RISE_Blazor&redirect_uri=https%3A%2F%2Frise-test%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20RISE%20role%20email%20phone&state=52bcc667a3b346f3b6f70b1d9e38929b&code_challenge=P8RPS34_eQ4cHuZXNxGRmfworoCtvaI0k7AIt4sBHU4&code_challenge_method=S256&prompt=none&response_mode=query'. This request has been blocked; the content must be served over HTTPS.

    global.js?_v=637880399805903225:2 Mixed Content: The page at 'https://rise-test/authentication/login-callback?code=FAE159889501FA1719F428CAD642F83F429C27086C08D55310E4A7A5E4AB2DAD&scope=openid%20profile%20RISE%20role%20email%20phone&state=2b0797b0a3804fa49d3a7fc4493b568a&session_state=7IqqdQEVs3zbQNv46CuPS1gCuyZA51BilFQMDU1uadc.D67B5AC93067272E0AFFDCEA0881964A' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://rise-identity-test.sgicorp.spencergifts.com/connect/token'. This request has been blocked; the content must be served over HTTPS.

  • maliming created
    Support Team Fullstack Developer

    hi

    Please check the URLs in your appsettings.json. Maybe some start with http.

  • abhichan26 created

    > hi
    >
    > Please check the URLs in your appsettings.json. Maybe some start with http.

    We checked; all our URLs are https: in appsettings (Web, API Host and Identity Server). In the tables below we also have URIs as https://

    SELECT * FROM [dbo].[IdentityServerClients]

    SELECT * FROM [dbo].[IdentityServerClientRedirectUris]

    SELECT * FROM [dbo].[IdentityServerClientPostLogoutRedirectUris]

    SELECT * FROM [dbo].[IdentityServerClientCorsOrigins]

    We are able to authorize and call the APIs from Swagger, and we are also able to log in from the Identity Server URL.

    Question: Why is it not able to log in from the Blazor web app, and why is it giving "There was an error trying to log you in: ''"?

  • maliming created
    Support Team Fullstack Developer

    > There was an error trying to log you in:

    What are the error logs of the backend? Can you reproduce the problem with a new template? Are you using Docker?

  • abhichan26 created

    > > There was an error trying to log you in:
    >
    > What are the error logs of the backend? Can you reproduce the problem with a new template?
    > Are you using Docker?

    We have deployed the WebApp, API and Identity Server in a Kubernetes cluster.

    We have not tried a new template as this is an application under development and we are able to deploy to Azure (Web, API and Identity Server). But the problem is that when we deploy to the Kubernetes cluster we are facing problems with login.

  • maliming created
    Support Team Fullstack Developer

    hi

    I think it may be that some configuration of Kubernetes causes the application to use the http protocol. I am not familiar with Kubernetes; you can check it.
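
A check for the condition the last answer suspects, as an added example that is not part of the thread or of ABP's code: it flags `http://` URLs in an OpenID Connect discovery document and `Set-Cookie` values that carry `SameSite=None` without `Secure`, the two symptoms reported above. The hostname, discovery document, cookie lines and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: discovery document from a server that, behind a
# TLS-terminating proxy, believes requests arrive over http.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://identity.example",
    "authorization_endpoint": "http://identity.example/connect/authorize",
    "token_endpoint": "http://identity.example/connect/token",
    "jwks_uri": "https://identity.example/.well-known/openid-configuration/jwks",
    "scopes_supported": ["openid", "profile"],
})

# Constructed sample Set-Cookie header values from a login page response.
SAMPLE_SET_COOKIE = [
    "XSRF-TOKEN=abc123; path=/; samesite=none",
    "session=xyz; Path=/; Secure; HttpOnly; SameSite=None",
    "lang=en; Path=/; SameSite=Lax",
]


def insecure_endpoints(discovery_json):
    """Return the URL-valued fields of the document whose scheme is http."""
    doc = json.loads(discovery_json)
    return {k: v for k, v in doc.items()
            if isinstance(v, str) and urlsplit(v).scheme == "http"}


def parse_set_cookie(value):
    """Return (cookie name, {attribute: value}) with attribute names lower-cased."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip().lower()
    return first.split("=", 1)[0], attrs


def rejected_cookies(set_cookie_values):
    """Names of cookies browsers reject: SameSite=None without Secure."""
    parsed = (parse_set_cookie(v) for v in set_cookie_values)
    return [name for name, attrs in parsed
            if attrs.get("samesite") == "none" and "secure" not in attrs]


if __name__ == "__main__":
    print(insecure_endpoints(SAMPLE_DISCOVERY))
    print(rejected_cookies(SAMPLE_SET_COOKIE))
```

To use it against a deployment, pass the body of `/.well-known/openid-configuration` fetched over HTTPS and the `Set-Cookie` values from the login page response in place of the samples.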

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11